even/even_peb.h

#ifndef _EVEN_PEB_H_
#define _EVEN_PEB_H_ 1

#include "uthash.h"
#include <ddk/ntddk.h>
#include <minwindef.h>

typedef struct _PEB_LDR_DATA
{
    BYTE Reserved1[8];
    PVOID Reserved2[3];
    LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;

typedef struct _RTL_USER_PROCESS_PARAMETERS
{
    BYTE Reserved1[16];
    PVOID Reserved2[10];
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

/* This function pointer is undocumented and just valid for windows 2000.
   Therefore I guess.  */
typedef VOID(NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID);

typedef struct _PEB
{
    BYTE Reserved1[2];
    BYTE BeingDebugged;
    BYTE Reserved2[1];
    PVOID Reserved3[2];
    PPEB_LDR_DATA Ldr;
    PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
    PVOID Reserved4[3];
    PVOID AtlThunkSListPtr;
    PVOID Reserved5;
    ULONG Reserved6;
    PVOID Reserved7;
    ULONG Reserved8;
    ULONG AtlThunkSListPtr32;
    PVOID Reserved9[45];
    BYTE Reserved10[96];
    PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
    BYTE Reserved11[128];
    PVOID Reserved12[1];
    ULONG SessionId;
} PEB, *PPEB;

struct even_peb
{
    HANDLE pid;
    int refcnt;
    PEB fake_peb;
    UT_hash_handle hh;
};

#endif
// vim: sw=4 et
repo: initial commit 2024-03-30 07:28:40 +01:00			`#ifndef _EVEN_PEB_H_`
			`#define _EVEN_PEB_H_ 1`

style: run clang-format 2024-03-30 07:30:08 +01:00			`#include "uthash.h"`
repo: initial commit 2024-03-30 07:28:40 +01:00			`#include <ddk/ntddk.h>`
			`#include <minwindef.h>`

style: run clang-format 2024-03-30 07:30:08 +01:00			`typedef struct _PEB_LDR_DATA`
			`{`
repo: initial commit 2024-03-30 07:28:40 +01:00			`BYTE Reserved1[8];`
			`PVOID Reserved2[3];`
			`LIST_ENTRY InMemoryOrderModuleList;`
style: run clang-format 2024-03-30 07:30:08 +01:00			`} PEB_LDR_DATA, *PPEB_LDR_DATA;`
repo: initial commit 2024-03-30 07:28:40 +01:00
style: run clang-format 2024-03-30 07:30:08 +01:00			`typedef struct _RTL_USER_PROCESS_PARAMETERS`
			`{`
repo: initial commit 2024-03-30 07:28:40 +01:00			`BYTE Reserved1[16];`
			`PVOID Reserved2[10];`
			`UNICODE_STRING ImagePathName;`
			`UNICODE_STRING CommandLine;`
style: run clang-format 2024-03-30 07:30:08 +01:00			`} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;`
repo: initial commit 2024-03-30 07:28:40 +01:00
			`/* This function pointer is undocumented and just valid for windows 2000.`
			`Therefore I guess. */`
style: run clang-format 2024-03-30 07:30:08 +01:00			`typedef VOID(NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID);`
repo: initial commit 2024-03-30 07:28:40 +01:00
style: run clang-format 2024-03-30 07:30:08 +01:00			`typedef struct _PEB`
			`{`
			`BYTE Reserved1[2];`
repo: initial commit 2024-03-30 07:28:40 +01:00			`BYTE BeingDebugged;`
			`BYTE Reserved2[1];`
			`PVOID Reserved3[2];`
			`PPEB_LDR_DATA Ldr;`
			`PRTL_USER_PROCESS_PARAMETERS ProcessParameters;`
			`PVOID Reserved4[3];`
			`PVOID AtlThunkSListPtr;`
			`PVOID Reserved5;`
			`ULONG Reserved6;`
			`PVOID Reserved7;`
			`ULONG Reserved8;`
			`ULONG AtlThunkSListPtr32;`
			`PVOID Reserved9[45];`
			`BYTE Reserved10[96];`
			`PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;`
			`BYTE Reserved11[128];`
			`PVOID Reserved12[1];`
			`ULONG SessionId;`
style: run clang-format 2024-03-30 07:30:08 +01:00			`} PEB, *PPEB;`
repo: initial commit 2024-03-30 07:28:40 +01:00
style: run clang-format 2024-03-30 07:30:08 +01:00			`struct even_peb`
			`{`
repo: initial commit 2024-03-30 07:28:40 +01:00			`HANDLE pid;`
			`int refcnt;`
			`PEB fake_peb;`
			`UT_hash_handle hh;`
			`};`

			`#endif`
			`// vim: sw=4 et`