添加项目文件。
This commit is contained in:
Huoji's
261
teb_def.h
Normal file
261
teb_def.h
Normal file
@@ -0,0 +1,261 @@
|
||||
#pragma once
|
||||
#include <windows.h>
|
||||
typedef struct _STRING32 {
|
||||
USHORT Length;
|
||||
USHORT MaximumLength;
|
||||
ULONG Buffer;
|
||||
} STRING32;
|
||||
typedef struct _STRING64 {
|
||||
USHORT Length;
|
||||
USHORT MaximumLength;
|
||||
ULONGLONG Buffer;
|
||||
} STRING64;
|
||||
// 0x8 bytes (sizeof)
|
||||
struct _CLIENT_ID32 {
|
||||
ULONG UniqueProcess; // 0x0
|
||||
ULONG UniqueThread; // 0x4
|
||||
};
|
||||
// 0x10 bytes (sizeof)
|
||||
struct _CLIENT_ID64 {
|
||||
ULONGLONG UniqueProcess; // 0x0
|
||||
ULONGLONG UniqueThread; // 0x8
|
||||
};
|
||||
// 0x4e0 bytes (sizeof)
|
||||
struct _GDI_TEB_BATCH32 {
|
||||
ULONG Offset; // 0x0
|
||||
ULONG HDC; // 0x4
|
||||
ULONG Buffer[310]; // 0x8
|
||||
};
|
||||
// 0x4e8 bytes (sizeof)
|
||||
struct _GDI_TEB_BATCH64 {
|
||||
ULONG Offset; // 0x0
|
||||
ULONGLONG HDC; // 0x8
|
||||
ULONG Buffer[310]; // 0x10
|
||||
};
|
||||
// 0xfe4 bytes (sizeof)
|
||||
typedef struct _TEB32 {
|
||||
struct _NT_TIB32 NtTib; // 0x0
|
||||
ULONG EnvironmentPointer; // 0x1c
|
||||
struct _CLIENT_ID32 ClientId; // 0x20
|
||||
ULONG ActiveRpcHandle; // 0x28
|
||||
ULONG ThreadLocalStoragePointer; // 0x2c
|
||||
ULONG ProcessEnvironmentBlock; // 0x30
|
||||
ULONG LastErrorValue; // 0x34
|
||||
ULONG CountOfOwnedCriticalSections; // 0x38
|
||||
ULONG CsrClientThread; // 0x3c
|
||||
ULONG Win32ThreadInfo; // 0x40
|
||||
ULONG User32Reserved[26]; // 0x44
|
||||
ULONG UserReserved[5]; // 0xac
|
||||
ULONG WOW32Reserved; // 0xc0
|
||||
ULONG CurrentLocale; // 0xc4
|
||||
ULONG FpSoftwareStatusRegister; // 0xc8
|
||||
ULONG SystemReserved1[54]; // 0xcc
|
||||
LONG ExceptionCode; // 0x1a4
|
||||
ULONG ActivationContextStackPointer; // 0x1a8
|
||||
UCHAR SpareBytes[36]; // 0x1ac
|
||||
ULONG TxFsContext; // 0x1d0
|
||||
struct _GDI_TEB_BATCH32 GdiTebBatch; // 0x1d4
|
||||
struct _CLIENT_ID32 RealClientId; // 0x6b4
|
||||
ULONG GdiCachedProcessHandle; // 0x6bc
|
||||
ULONG GdiClientPID; // 0x6c0
|
||||
ULONG GdiClientTID; // 0x6c4
|
||||
ULONG GdiThreadLocalInfo; // 0x6c8
|
||||
ULONG Win32ClientInfo[62]; // 0x6cc
|
||||
ULONG glDispatchTable[233]; // 0x7c4
|
||||
ULONG glReserved1[29]; // 0xb68
|
||||
ULONG glReserved2; // 0xbdc
|
||||
ULONG glSectionInfo; // 0xbe0
|
||||
ULONG glSection; // 0xbe4
|
||||
ULONG glTable; // 0xbe8
|
||||
ULONG glCurrentRC; // 0xbec
|
||||
ULONG glContext; // 0xbf0
|
||||
ULONG LastStatusValue; // 0xbf4
|
||||
struct _STRING32 StaticUnicodeString; // 0xbf8
|
||||
WCHAR StaticUnicodeBuffer[261]; // 0xc00
|
||||
ULONG DeallocationStack; // 0xe0c
|
||||
ULONG TlsSlots[64]; // 0xe10
|
||||
struct LIST_ENTRY32 TlsLinks; // 0xf10
|
||||
ULONG Vdm; // 0xf18
|
||||
ULONG ReservedForNtRpc; // 0xf1c
|
||||
ULONG DbgSsReserved[2]; // 0xf20
|
||||
ULONG HardErrorMode; // 0xf28
|
||||
ULONG Instrumentation[9]; // 0xf2c
|
||||
struct _GUID ActivityId; // 0xf50
|
||||
ULONG SubProcessTag; // 0xf60
|
||||
ULONG EtwLocalData; // 0xf64
|
||||
ULONG EtwTraceData; // 0xf68
|
||||
ULONG WinSockData; // 0xf6c
|
||||
ULONG GdiBatchCount; // 0xf70
|
||||
union {
|
||||
struct _PROCESSOR_NUMBER CurrentIdealProcessor; // 0xf74
|
||||
ULONG IdealProcessorValue; // 0xf74
|
||||
struct {
|
||||
UCHAR ReservedPad0; // 0xf74
|
||||
UCHAR ReservedPad1; // 0xf75
|
||||
UCHAR ReservedPad2; // 0xf76
|
||||
UCHAR IdealProcessor; // 0xf77
|
||||
};
|
||||
};
|
||||
ULONG GuaranteedStackBytes; // 0xf78
|
||||
ULONG ReservedForPerf; // 0xf7c
|
||||
ULONG ReservedForOle; // 0xf80
|
||||
ULONG WaitingOnLoaderLock; // 0xf84
|
||||
ULONG SavedPriorityState; // 0xf88
|
||||
ULONG SoftPatchPtr1; // 0xf8c
|
||||
ULONG ThreadPoolData; // 0xf90
|
||||
ULONG TlsExpansionSlots; // 0xf94
|
||||
ULONG MuiGeneration; // 0xf98
|
||||
ULONG IsImpersonating; // 0xf9c
|
||||
ULONG NlsCache; // 0xfa0
|
||||
ULONG pShimData; // 0xfa4
|
||||
ULONG HeapVirtualAffinity; // 0xfa8
|
||||
ULONG CurrentTransactionHandle; // 0xfac
|
||||
ULONG ActiveFrame; // 0xfb0
|
||||
ULONG FlsData; // 0xfb4
|
||||
ULONG PreferredLanguages; // 0xfb8
|
||||
ULONG UserPrefLanguages; // 0xfbc
|
||||
ULONG MergedPrefLanguages; // 0xfc0
|
||||
ULONG MuiImpersonation; // 0xfc4
|
||||
union {
|
||||
volatile USHORT CrossTebFlags; // 0xfc8
|
||||
USHORT SpareCrossTebBits : 16; // 0xfc8
|
||||
};
|
||||
union {
|
||||
USHORT SameTebFlags; // 0xfca
|
||||
struct {
|
||||
USHORT SafeThunkCall : 1; // 0xfca
|
||||
USHORT InDebugPrint : 1; // 0xfca
|
||||
USHORT HasFiberData : 1; // 0xfca
|
||||
USHORT SkipThreadAttach : 1; // 0xfca
|
||||
USHORT WerInShipAssertCode : 1; // 0xfca
|
||||
USHORT RanProcessInit : 1; // 0xfca
|
||||
USHORT ClonedThread : 1; // 0xfca
|
||||
USHORT SuppressDebugMsg : 1; // 0xfca
|
||||
USHORT DisableUserStackWalk : 1; // 0xfca
|
||||
USHORT RtlExceptionAttached : 1; // 0xfca
|
||||
USHORT InitialThread : 1; // 0xfca
|
||||
USHORT SpareSameTebBits : 5; // 0xfca
|
||||
}SameTebFlagStruct;
|
||||
};
|
||||
ULONG TxnScopeEnterCallback; // 0xfcc
|
||||
ULONG TxnScopeExitCallback; // 0xfd0
|
||||
ULONG TxnScopeContext; // 0xfd4
|
||||
ULONG LockCount; // 0xfd8
|
||||
ULONG SpareUlong0; // 0xfdc
|
||||
ULONG ResourceRetValue; // 0xfe0
|
||||
}TEB32;
|
||||
|
||||
// 0x1818 bytes (sizeof)
|
||||
typedef struct _TEB64 {
|
||||
struct _NT_TIB64 NtTib; // 0x0
|
||||
ULONGLONG EnvironmentPointer; // 0x38
|
||||
struct _CLIENT_ID64 ClientId; // 0x40
|
||||
ULONGLONG ActiveRpcHandle; // 0x50
|
||||
ULONGLONG ThreadLocalStoragePointer; // 0x58
|
||||
ULONGLONG ProcessEnvironmentBlock; // 0x60
|
||||
ULONG LastErrorValue; // 0x68
|
||||
ULONG CountOfOwnedCriticalSections; // 0x6c
|
||||
ULONGLONG CsrClientThread; // 0x70
|
||||
ULONGLONG Win32ThreadInfo; // 0x78
|
||||
ULONG User32Reserved[26]; // 0x80
|
||||
ULONG UserReserved[5]; // 0xe8
|
||||
ULONGLONG WOW32Reserved; // 0x100
|
||||
ULONG CurrentLocale; // 0x108
|
||||
ULONG FpSoftwareStatusRegister; // 0x10c
|
||||
ULONGLONG SystemReserved1[54]; // 0x110
|
||||
LONG ExceptionCode; // 0x2c0
|
||||
ULONGLONG ActivationContextStackPointer; // 0x2c8
|
||||
UCHAR SpareBytes[24]; // 0x2d0
|
||||
ULONG TxFsContext; // 0x2e8
|
||||
struct _GDI_TEB_BATCH64 GdiTebBatch; // 0x2f0
|
||||
struct _CLIENT_ID64 RealClientId; // 0x7d8
|
||||
ULONGLONG GdiCachedProcessHandle; // 0x7e8
|
||||
ULONG GdiClientPID; // 0x7f0
|
||||
ULONG GdiClientTID; // 0x7f4
|
||||
ULONGLONG GdiThreadLocalInfo; // 0x7f8
|
||||
ULONGLONG Win32ClientInfo[62]; // 0x800
|
||||
ULONGLONG glDispatchTable[233]; // 0x9f0
|
||||
ULONGLONG glReserved1[29]; // 0x1138
|
||||
ULONGLONG glReserved2; // 0x1220
|
||||
ULONGLONG glSectionInfo; // 0x1228
|
||||
ULONGLONG glSection; // 0x1230
|
||||
ULONGLONG glTable; // 0x1238
|
||||
ULONGLONG glCurrentRC; // 0x1240
|
||||
ULONGLONG glContext; // 0x1248
|
||||
ULONG LastStatusValue; // 0x1250
|
||||
struct _STRING64 StaticUnicodeString; // 0x1258
|
||||
WCHAR StaticUnicodeBuffer[261]; // 0x1268
|
||||
ULONGLONG DeallocationStack; // 0x1478
|
||||
ULONGLONG TlsSlots[64]; // 0x1480
|
||||
struct LIST_ENTRY64 TlsLinks; // 0x1680
|
||||
ULONGLONG Vdm; // 0x1690
|
||||
ULONGLONG ReservedForNtRpc; // 0x1698
|
||||
ULONGLONG DbgSsReserved[2]; // 0x16a0
|
||||
ULONG HardErrorMode; // 0x16b0
|
||||
ULONGLONG Instrumentation[11]; // 0x16b8
|
||||
struct _GUID ActivityId; // 0x1710
|
||||
ULONGLONG SubProcessTag; // 0x1720
|
||||
ULONGLONG EtwLocalData; // 0x1728
|
||||
ULONGLONG EtwTraceData; // 0x1730
|
||||
ULONGLONG WinSockData; // 0x1738
|
||||
ULONG GdiBatchCount; // 0x1740
|
||||
union {
|
||||
struct _PROCESSOR_NUMBER CurrentIdealProcessor; // 0x1744
|
||||
ULONG IdealProcessorValue; // 0x1744
|
||||
struct {
|
||||
UCHAR ReservedPad0; // 0x1744
|
||||
UCHAR ReservedPad1; // 0x1745
|
||||
UCHAR ReservedPad2; // 0x1746
|
||||
UCHAR IdealProcessor; // 0x1747
|
||||
};
|
||||
};
|
||||
ULONG GuaranteedStackBytes; // 0x1748
|
||||
ULONGLONG ReservedForPerf; // 0x1750
|
||||
ULONGLONG ReservedForOle; // 0x1758
|
||||
ULONG WaitingOnLoaderLock; // 0x1760
|
||||
ULONGLONG SavedPriorityState; // 0x1768
|
||||
ULONGLONG SoftPatchPtr1; // 0x1770
|
||||
ULONGLONG ThreadPoolData; // 0x1778
|
||||
ULONGLONG TlsExpansionSlots; // 0x1780
|
||||
ULONGLONG DeallocationBStore; // 0x1788
|
||||
ULONGLONG BStoreLimit; // 0x1790
|
||||
ULONG MuiGeneration; // 0x1798
|
||||
ULONG IsImpersonating; // 0x179c
|
||||
ULONGLONG NlsCache; // 0x17a0
|
||||
ULONGLONG pShimData; // 0x17a8
|
||||
ULONG HeapVirtualAffinity; // 0x17b0
|
||||
ULONGLONG CurrentTransactionHandle; // 0x17b8
|
||||
ULONGLONG ActiveFrame; // 0x17c0
|
||||
ULONGLONG FlsData; // 0x17c8
|
||||
ULONGLONG PreferredLanguages; // 0x17d0
|
||||
ULONGLONG UserPrefLanguages; // 0x17d8
|
||||
ULONGLONG MergedPrefLanguages; // 0x17e0
|
||||
ULONG MuiImpersonation; // 0x17e8
|
||||
union {
|
||||
volatile USHORT CrossTebFlags; // 0x17ec
|
||||
USHORT SpareCrossTebBits : 16; // 0x17ec
|
||||
};
|
||||
union {
|
||||
USHORT SameTebFlags; // 0x17ee
|
||||
struct {
|
||||
USHORT SafeThunkCall : 1; // 0x17ee
|
||||
USHORT InDebugPrint : 1; // 0x17ee
|
||||
USHORT HasFiberData : 1; // 0x17ee
|
||||
USHORT SkipThreadAttach : 1; // 0x17ee
|
||||
USHORT WerInShipAssertCode : 1; // 0x17ee
|
||||
USHORT RanProcessInit : 1; // 0x17ee
|
||||
USHORT ClonedThread : 1; // 0x17ee
|
||||
USHORT SuppressDebugMsg : 1; // 0x17ee
|
||||
USHORT DisableUserStackWalk : 1; // 0x17ee
|
||||
USHORT RtlExceptionAttached : 1; // 0x17ee
|
||||
USHORT InitialThread : 1; // 0x17ee
|
||||
USHORT SpareSameTebBits : 5; // 0x17ee
|
||||
}SameTebFlagStruct;
|
||||
};
|
||||
ULONGLONG TxnScopeEnterCallback; // 0x17f0
|
||||
ULONGLONG TxnScopeExitCallback; // 0x17f8
|
||||
ULONGLONG TxnScopeContext; // 0x1800
|
||||
ULONG LockCount; // 0x1808
|
||||
ULONG SpareUlong0; // 0x180c
|
||||
ULONGLONG ResourceRetValue; // 0x1810
|
||||
}TEB64;
|
||||
Reference in New Issue
Block a user