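Fields and constants to read out of the code fragments below. Where a fragment appears twice, the dashed line separates two variants whose offsets differ (apparently different builds):

1. R3TCB.SuspendCount
2. R3TCB.Flags
3. R3TCB.R0TCB
4. R3TID (=R3PID+1 ?)
5. R3PID
6. VWIN32 ResumeThread win32 API ID
7. VWIN32 SuspendThread win32 API ID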

SuspendThread:
; Excerpt from the entry path; the rest of the function and both jump
; targets (loc_0_BFF93F74, loc_0_BFF93F65) are outside this listing.
; Layout: opcode bytes on the left, Intel-syntax disassembly on the right.
; NOTE(review): the short-jump and call displacement bytes (22, 0D,
; 68 87 FF FF) depend on code layout, so only the opcode and offset bytes
; can be expected to carry over to another build.

8B F8               mov edi, eax                  ; edi = pointer passed in eax (presumably the ring-3 thread object, "R3TCB" -- confirm)
85 FF               test edi, edi
74 22               jz  short loc_0_BFF93F74      ; null pointer: skip everything below
F6 47 44 40         test byte ptr [edi+44h], 40h  ; bit 40h of the byte at +44h; likely list item 2 (R3TCB.Flags) for this variant
75 0D               jnz short loc_0_BFF93F65      ; bit set: bypass the call
57                  push edi                      ; single stack argument: the same pointer
E8 68 87 FF FF      call    pSuspendR0Thread
83 F8 FF            cmp     eax, 0FFFFFFFFh       ; result compared with -1; the branch taken on it is not shown

pSuspendR0Thread:
; Two variants of the same excerpt, separated by the dashed line. The
; offsets and the pushed constant differ between them, which suggests
; different builds. The call that consumes the two pushed values is not
; shown in either variant.
; NOTE(review): every offset and constant below is specific to the binary
; it was read from and the structure is undocumented; re-derive and
; sanity-check the values per build instead of hard-coding them.
8B 45 08            mov     eax, [ebp+arg_0]          ; first variant reads its argument through ebp
F6 40 47 10         test    byte ptr [eax+47h], 10h   ; bit 10h of the byte at +47h (meaning not shown here)
75 14               jnz     short loc_0_BFF94E19      ; bit set: skip the pushes
8B 40 5C            mov     eax, [eax+5Ch]            ; dword at +5Ch; likely list item 3 (R3TCB.R0TCB) -- confirm
85 C0               test    eax, eax
74 0D               jz      short loc_0_BFF94E19      ; zero: same skip target as above
50                  push    eax                       ; the value loaded from +5Ch
68 1A 00 2A 00      push    2A001Ah                   ; high word 002Ah, low word 001Ah; presumably list item 7 -- confirm
---------------------------------------------------
; Second variant: argument read through esp, flag byte at +43h, pointer
; at +50h, pushed constant 2A0017h.
8B 44 24 04         mov eax, [esp+arg_0]
56                  push esi
BE FF FF FF FF      mov esi, 0FFFFFFFFh               ; esi preloaded with -1 (presumably the default failure result -- confirm)
F6 40 43 10         test byte ptr [eax+43h], 10h      ; same bit test as above, byte offset 43h instead of 47h
75 14               jnz short loc_0_BFF8E70F
8B 40 50            mov eax, [eax+50h]                ; dword at +50h, corresponding to +5Ch in the first variant
85 C0               test eax, eax
74 0D               jz  short loc_0_BFF8E70F
50                  push eax
68 17 00 2A 00      push 2A0017h                      ; same high word 002Ah, low word 0017h instead of 001Ah


; Counter increment, shown in two variants (presumably from the
; SuspendThread path; the listing does not say so). The dword at +1B8h /
; +1C8h is likely list item 1 (R3TCB.SuspendCount).
; NOTE(review): no upper-bound check on the counter is visible in either
; excerpt; whether one exists in the surrounding code cannot be told from
; here.
8B B7 B8 01 00 00   mov esi, [edi+1B8h]   ; esi = old counter value
8D 46 01            lea eax, [esi+1]      ; eax = old + 1; lea leaves the flags untouched
89 87 B8 01 00 00   mov [edi+1B8h], eax   ; store the incremented value
---------------------------------------
; Second variant: edi is first advanced to the field, then used directly.
81 C7 C8 01 00 00   add edi, 1C8h         ; edi now points at the counter, no longer at the object base
8B 37               mov esi, [edi]        ; esi = old counter value
8D 46 01            lea eax, [esi+1]
89 07               mov [edi], eax        ; store the incremented value


ResumeThread:
; Two excerpts separated by the dashed line. Both check the object pointer
; and the counter for zero, then test bit 40h of a flag byte; only the
; second excerpt continues into the decrement. Jump targets are outside
; the listing.

8B F8               mov edi, eax                  ; edi = pointer passed in eax (presumably the ring-3 thread object -- confirm)
85 FF               test edi, edi
74 2F               jz  short loc_0_BFF8E564      ; null pointer
8B 87 B8 01 00 00   mov eax, [edi+1B8h]           ; counter at +1B8h (likely R3TCB.SuspendCount)
85 C0               test eax, eax
74 25               jz  short loc_0_BFF8E564      ; counter already zero: same target as the null case
F6 47 44 40         test byte ptr [edi+44h], 40h  ; bit 40h of the byte at +44h (likely R3TCB.Flags)
74 05               jz  short loc_0_BFF8E54A      ; bit clear: branch to code not shown
-------------------------------------------------
; Second variant: counter at +1C8h, flag byte at +40h.
85 C0               test eax, eax                 ; here the object pointer is already in eax
74 2B               jz  short loc_0_BFF8E7AB      ; null pointer
8D B8 C8 01 00 00   lea edi, [eax+1C8h]           ; edi = address of the counter
8B 0F               mov ecx, [edi]                ; ecx = current counter value
85 C9               test ecx, ecx
74 1F               jz  short loc_0_BFF8E7AB      ; counter already zero: nothing to decrement
F6 40 40 40         test byte ptr [eax+40h], 40h  ; same bit test as the first variant, offset 40h instead of 44h
74 07               jz  short loc_0_BFF8E799      ; bit clear: branch to code not shown
8B F1               mov esi, ecx                  ; esi keeps the pre-decrement value (presumably the result -- confirm)
49                  dec ecx
89 0F               mov [edi], ecx                ; write the decremented counter back
EB 12               jmp short loc_0_BFF8E7AB      ; joins the target used by the zero checks above


OpenProcess:
; Check on the first field of the object addressed by eax, in two
; variants. Both the expected value (6 vs 5) and the compare width (byte
; vs dword) differ. The value is presumably the object type tag behind
; list item 5 (R3PID) -- confirm.
; NOTE(review): the rel32 call displacements and the short-jump bytes are
; layout-dependent and should not be treated as part of a stable byte
; pattern.
80 38 06            cmp byte ptr [eax], 6     ; first byte of the object compared with 6
74 0E               jz  short loc_0_BFF95D90  ; match: continue outside this excerpt
6A 57               push 57h                  ; 57h = 87 decimal, the Win32 ERROR_INVALID_PARAMETER code
E8 17 6C FE FF      call sub_0_BFF7C9A0       ; takes the error code (presumably a SetLastError-style helper -- confirm)
B9 FF FF FF FF      mov ecx, 0FFFFFFFFh       ; ecx = -1 on the mismatch path
EB 30               jmp short loc_0_BFF95DC0
--------------------------------------------
; Second variant: dword compare against 5, same mismatch handling.
83 38 05            cmp   dword ptr [eax], 5  ; first dword of the object compared with 5
74 0E               jz    short loc_BFF94026
6A 57               push  57h
E8 23 69 FE FF      call sub_BFF7A942
B9 FF FF FF FF      mov   ecx, 0FFFFFFFFh
EB 33               jmp   short loc_BFF94059
