Tendokyu/even
1
0
Fork 0
mirror of https://gitea.tendokyu.moe/self/even synced 2024-12-19 11:05:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
0920dee45e
even/even_peb.h
Zephyr Lykos 3c5a0a17db
style: run clang-format
2024-03-30 14:30:08 +08:00

60 lines
1.3 KiB
C
Raw Blame History

#ifndef _EVEN_PEB_H_
#define _EVEN_PEB_H_ 1
#include "uthash.h"
#include <ddk/ntddk.h>
#include <minwindef.h>
typedef struct _PEB_LDR_DATA
{
BYTE Reserved1[8];
PVOID Reserved2[3];
LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
typedef struct _RTL_USER_PROCESS_PARAMETERS
{
BYTE Reserved1[16];
PVOID Reserved2[10];
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
/* This function pointer is undocumented and just valid for windows 2000.
Therefore I guess. */
typedef VOID(NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID);
typedef struct _PEB
{
BYTE Reserved1[2];
BYTE BeingDebugged;
BYTE Reserved2[1];
PVOID Reserved3[2];
PPEB_LDR_DATA Ldr;
PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
PVOID Reserved4[3];
PVOID AtlThunkSListPtr;
PVOID Reserved5;
ULONG Reserved6;
PVOID Reserved7;
ULONG Reserved8;
ULONG AtlThunkSListPtr32;
PVOID Reserved9[45];
BYTE Reserved10[96];
PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
BYTE Reserved11[128];
PVOID Reserved12[1];
ULONG SessionId;
} PEB, *PPEB;
struct even_peb
{
HANDLE pid;
int refcnt;
PEB fake_peb;
UT_hash_handle hh;
};
#endif
// vim: sw=4 et
Reference in New Issue View Git Blame Copy Permalink