Same-Thread APC Flags in the ETHREAD

Windows XP gave the ETHREAD three sets of bit fields. The set that is overlaid by the SameThreadApcFlags member, which is a ULONG for simultaneous access to all the bits described below, started with just three bits, two of which had been booleans. Many were added for later versions and many then disappeared in a reorganisation for Windows 10.

Despite the ULONG overlay, the flags themselves are defined as UCHAR bit fields, and in one case with volatile as well.

Offset / Mask	Definition	Versions	History
0x00 / 0x01	UCHAR OwnsProcessAddressSpaceExclusive : 1;	10.0 and higher	previously 0x01 / 0x02
0x00 / 0x02	UCHAR OwnsProcessAddressSpaceShared : 1;	10.0 and higher	previously 0x01 / 0x04
0x00 / 0x01 (5.1 to 6.3); 0x00 / 0x04	UCHAR LpcReceivedMsgIdValid : 1;	5.1 to 5.2	previously as BOOLEAN
	UCHAR Spare : 1;	6.0 to 6.2
	UCHAR HardFaultBehavior : 1;	6.3 and higher
0x00 / 0x02 (5.1 to 6.3); 0x00 / 0x08	UCHAR LpcExitThreadCalled : 1;	5.1 to 5.2	previously as BOOLEAN
0x00 / 0x02 (5.1 to 6.3); 0x00 / 0x08	UCHAR volatile StartAddressInvalid : 1;	6.0 and higher
0x00 / 0x04 (5.1 to 6.3); 0x00 / 0x10	UCHAR AddressSpaceOwner : 1;	5.1 to 5.2
	UCHAR EtwPageFaultCalloutActive : 1;	6.0 to 6.1
	UCHAR EtwCalloutActive : 1;	6.2 and higher
0x00 / 0x08 (late 5.2 to 6.3)	UCHAR OwnsProcessWorkingSetExclusive : 1;	late 5.2 to 6.3
0x00 / 0x10 (late 5.2 to 6.3)	UCHAR OwnsProcessWorkingSetShared : 1;	late 5.2 to 6.3
0x00 / 0x20 (late 5.2 to 6.3)	UCHAR OwnsSystemWorkingSetExclusive : 1;	late 5.2 to 6.0
0x00 / 0x20 (late 5.2 to 6.3)	UCHAR OwnsSystemCacheWorkingSetExclusive : 1;	6.1 to 6.3
0x00 / 0x40 (late 5.2 to 6.3)	UCHAR OwnsSystemWorkingSetShared : 1;	late 5.2 to 6.0
0x00 / 0x40 (late 5.2 to 6.3)	UCHAR OwnsSystemCacheWorkingSetShared : 1;	6.1 to 6.3
0x00 / 0x80 (late 5.2 to 6.3)	UCHAR OwnsSessionWorkingSetExclusive : 1;	late 5.2 to 6.3
0x01 / 0x01 (late 5.2 to 6.3)	UCHAR OwnsSessionWorkingSetShared : 1;	late 5.2 to 6.3
0x01 / 0x02 (late 5.2 to 6.3)	UCHAR ApcNeeded : 1;	late 5.2 to v. late 5.2	previously in union with CreateTime
0x01 / 0x02 (late 5.2 to 6.3)	UCHAR OwnsProcessAddressSpaceExclusive: 1;	6.0 to 6.3	next as 0x00 / 0x01
0x01 / 0x04 (6.0 to 6.3)	UCHAR OwnsProcessAddressSpaceShared : 1;	6.0 to 6.3	next as 0x00 / 0x02
0x01 / 0x08 (6.0 to 6.3); 0x00 / 0x20	UCHAR SuppressSymbolLoad : 1;	6.0 and higher
0x01 / 0x10 (6.0 to 6.3); 0x00 / 0x40	UCHAR Prefetching : 1;	6.0 and higher
0x01 / 0x20 (6.0 to 6.3); 0x00 / 0x80	UCHAR OwnsDynamicMemoryShared : 1;	6.0 to 6.1
0x01 / 0x20 (6.0 to 6.3); 0x00 / 0x80	UCHAR OwnsVadExclusive : 1;	6.2 and higher
0x01 / 0x40 (6.0 to 6.3)	UCHAR OwnsChangeControlAreaExclusive : 1;	6.0 to 6.3
0x01 / 0x80 (6.0 to 6.3)	UCHAR OwnsChangeControlAreaShared : 1;	6.0 to 6.3
0x02 / 0x01 (6.1 to 6.3)	UCHAR OwnsPagedPoolWorkingSetExclusive : 1;	6.1 to 6.3
0x02 / 0x02 (6.1 to 6.3)	UCHAR OwnsPagedPoolWorkingSetShared : 1;	6.1 to 6.3
0x02 / 0x04 (6.1 to 6.3)	UCHAR OwnsSystemPtesWorkingSetExclusive : 1;	6.1 to 6.3
0x02 / 0x08 (6.1 to 6.3)	UCHAR OwnsSystemPtesWorkingSetShared : 1;	6.1 to 6.3
0x02 / 0x30 (6.1 to 6.3)	UCHAR TrimTrigger : 2;	6.1 to 6.3
	UCHAR Spare1 : 8;	late 6.0 only
	UCHAR Spare1 : 2;	6.1 only
	UCHAR Spare2 : 2;	6.3
0x02 / 0x0F (early 6.0); 0x03 / 0xFF (late 6.0 to 6.2)	UCHAR PriorityRegionActive;	6.0 to 6.2
0x03 / 0x01 (6.3); 0x02 / 0x01	UCHAR SystemPagePriorityActive : 1;	6.3 and higher
0x03 / 0x0E (6.3); 0x02 / 0x0E	UCHAR SystemPagePriority : 3;	6.3 and higher
	UCHAR Spare3 : 4;	6.3 only
0x02 / 0x10	UCHAR AllowWritesToExecutableMemory : 1;	1709 to 1809
0x02 / 0x10	UCHAR AllowUserWritesToExecutableMemory : 1;	1903 and higher
0x02 / 0x20	UCHAR AllowKernelWritesToExecutableMemory : 1;	1903 and higher
0x02 / 0x20 (1809); 0x02 / 0x40	UCHAR OwnsVadShared : 1;	1809 and higher

In the build of version 6.0 for Windows Vista SP1, i.e., Windows Server 2008, PriorityRegionActive is no longer a bit field but becomes the whole of the fourth byte until it gets reworked for Windows 8.1.