SKETCH OF HOW RESEARCH MIGHT CONTINUE AND RESULTS BE PRESENTED

SILO_CONTEXT

The SILO_CONTEXT (formally _SILO_CONTEXT) was a very short-lived step on the silo object’s evolution into a special type of job object. It is known only in the 1511 release of Windows 10.

Layout

The SILO_CONTEXT is 0x50 or 0x90 bytes in 32-bit and 64-bit Windows, respectively. Microsoft’s names and types of the structure’s members are not known. Type information in the public symbol files for the kernel shows only the structure’s name as a declaration, not its members from a definition.

Offset (x86) Offset (x64) Definition Remarks
0x00 0x00 unknown ERESOURCE previously in ESILO
0x38 0x68 unknown LIST_ENTRY links structures for objects inserted into silo:
see PsInsertSiloObjectFromJob
0x40 0x78 
ULONG NumberOfChildSilos;
 previously in ESILO
0x44 0x7C unaccounted four bytes  
0x48 0x80 
EJOB *ParentSilo;
 previously in ESILO;
next in EJOB
0x4C 0x88 
ESERVERSILO_GLOBALS *ServerSiloGlobals;
 previously in ESILO;
next in EJOB

This page was created on 16th August 2022 and was last modified on 21st August 2022.

Copyright © 2022. Geoff Chappell. All rights reserved. Conditions apply.