Same-Thread Passive Flags in the ETHREAD

Windows XP gave the ETHREAD three sets of bit fields. The set that is overlaid by the SameThreadPassiveFlags member, which is a ULONG for simultaneous access to all the bits described below, has moved around a little.

Version Offset (x86) Offset (x64)
5.1 0x024C  
early 5.2 (before Windows Server 2003 SP1) 0x0254  
late 5.2 (Windows Server 2003 SP1) 0x0244 0x0418
very late 5.2 (Windows Server 2003 SP2) 0x0244 0x0400
6.0 0x0264 0x041C
6.1 0x0284 0x044C
6.2 0x026C 0x0430
6.3 0x03BC 0x06B8
10.0 0x03CC 0x06C0

Bit Fields

Mask Definition Versions
0x00000001
ULONG ActiveExWorker : 1;
5.1 and higher
0x00000002 (5.1 to 6.1)
ULONG ExWorkerCanWaitUser : 1;
5.1 to 6.1
0x00000004 (5.1 to 6.1);
0x00000002
ULONG MemoryMaker : 1;
5.1 and higher
0x00000008 (5.1 to 6.1);
0x00000004
ULONG ClonedThread : 1;
6.0 and higher
0x00000008 (5.2);
0x00000010 (6.0 to 6.1);
0x00000008
ULONG KeyedEventInUse : 1;
5.2 and higher
0x00000060 (6.0 to 6.1)
ULONG RateApcState : 2;
6.0 to 6.1
0x00000080 (6.0 to 6.1);
0x00000010
ULONG SelfTerminate : 1;
6.0 and higher
0x00000020
ULONG RespectIoPriority : 1;
10.0 and higher
 
ULONG ReservedSameThreadPassiveFlags : 26;
10.0 and higher