RTL_PROCESS_BACKTRACE_INFORMATION

The RTL_PROCESS_BACKTRACE_INFORMATION structure is a recurring element in the RTL_PROCESS_BACKTRACES structure that a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces at the start of its output buffer when given the information class SystemStackTraceInformation (0x0D).

Documentation Status

The RTL_PROCESS_BACKTRACE_INFORMATION structure is not documented.

Layout

The RTL_PROCESS_BACKTRACE_INFORMATION is 0x8C or 0x0110 bytes in 32-bit and 64-bit Windows, respectively.

Offset (x86) Offset (x64) Definition
0x00 0x00
PSTR SymbolicBackTrace;
0x04 0x08
ULONG TraceCount;
0x08 0x0C
USHORT Index;
0x0A 0x0E
USHORT Depth;
0x0C 0x10
PVOID BackTrace [0x20];