Geoff Chappell, Software Analyst
The KPROCESSOR_STATE (formally _KPROCESSOR_STATE) is a relatively simple aggregate of processor state that the kernel saves and restores before and after freezing a processor’s execution. Each of its components is necessarily highly specific to the processor architecture. Public symbols for the kernel starting with Windows 8 confirm that Microsoft defines the structure separately (in different headers) for different processors. This page concerns itself only with the KPROCESSOR_STATE in 32-bit Windows for the processor architecture that’s variously named i386 or x86. The x64 KPROCESSOR_STATE is presented separately.
The KPROCESSOR_STATE is 0x0120 bytes before version 5.0 and is then 0x0320 bytes. This change is due solely to growth of the CONTEXT structure.
Offset | Definition | Versions |
---|---|---|
0x00 | CONTEXT ContextFrame; | all |
0xCC (3.10 to 4.0); 0x02CC | KSPECIAL_REGISTERS SpecialRegisters; | all |