RTL_PROCESS_BACKTRACES

The RTL_PROCESS_BACKTRACES structure is what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemStackTraceInformation (0x0D).

Documentation Status

The RTL_PROCESS_BACKTRACES structure is not documented.

Layout

The RTL_PROCESS_BACKTRACES is 0x9C or 0x0128 bytes in 32-bit and 64-bit Windows, respectively.

Offset (x86) Offset (x64) Definition
0x00 0x00
ULONG_PTR CommittedMemory;
0x04 0x08
ULONG_PTR ReservedMemory;
0x08 0x10
ULONG NumberOfBackTraceLookups;
0x0C 0x14
ULONG NumberOfBackTraces;
0x10 0x18
RTL_PROCESS_BACKTRACE_INFORMATION BackTraces [ANYSIZE_ARRAY];