#ifndef _EVEN_PEB_H_
#define _EVEN_PEB_H_ 1

#include <ddk/ntddk.h>
#include <minwindef.h>
#include "uthash.h"

typedef struct _PEB_LDR_DATA {
    BYTE Reserved1[8];
    PVOID Reserved2[3];
    LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA,*PPEB_LDR_DATA;

typedef struct _RTL_USER_PROCESS_PARAMETERS {
    BYTE Reserved1[16];
    PVOID Reserved2[10];
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
} RTL_USER_PROCESS_PARAMETERS,*PRTL_USER_PROCESS_PARAMETERS;

/* This function pointer is undocumented and just valid for windows 2000.
   Therefore I guess.  */
typedef VOID (NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID); 

typedef struct _PEB {
    BYTE Reserved1[2];   
    BYTE BeingDebugged;
    BYTE Reserved2[1];
    PVOID Reserved3[2];
    PPEB_LDR_DATA Ldr;
    PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
    PVOID Reserved4[3];
    PVOID AtlThunkSListPtr;
    PVOID Reserved5;
    ULONG Reserved6;
    PVOID Reserved7;
    ULONG Reserved8;
    ULONG AtlThunkSListPtr32;
    PVOID Reserved9[45];
    BYTE Reserved10[96];
    PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
    BYTE Reserved11[128];
    PVOID Reserved12[1];
    ULONG SessionId;
} PEB,*PPEB;

struct even_peb {
    HANDLE pid;
    int refcnt;
    PEB fake_peb;
    UT_hash_handle hh;
};

#endif
// vim: sw=4 et