herrcore · October 21, 2021 21:43
diff --git a/PEB_UNIVERSAL.h b/PEB_UNIVERSAL.h
 struct PEB_UNIVERSAL
 {
    BOOLEAN                         InheritedAddressSpace;              //0x0000
    BOOLEAN                         ReadImageFileExecOptions;           //0x0001
    BOOLEAN                         BeingDebugged;                      //0x0002
    BYTE                            byte3;
    HANDLE                          Mutant;                             //0x0004
    void*                           ImageBaseAddress;                   //0x0008
    PEB_LDR_DATA*                   Ldr;                                //0x000C  
    RTL_USER_PROCESS_PARAMETERS*    ProcessParameters;                  //0x0010
    void*                           SubSystemData;                      //0x0014
    void*                           ProcessHeap;                        //0x0018
    RTL_CRITICAL_SECTION*           FastPebLock;                        //0x001C
    void*                           dword20;
    void*                           dword24;
    DWORD                           dword28;      
    DWORD                           dword2C;
    DWORD                           SystemReserved;                     //0x0030
    DWORD                           dword34;
    DWORD                           dword38;
    DWORD                           TlsExpansionCounter;                //0x003C
    void*                           TlsBitmap;                          //0x0040
    DWORD                           TlsBitmapBits[2];                   //0x0044
    void*                           ReadOnlySharedMemoryBase;           //0x004C
    DWORD                           dword50;
    void**                          ReadOnlyStaticServerData;           //0x0054
    void*                           AnsiCodePageData;                   //0x0058
    void*                           OemCodePageData;                    //0x005C
    void*                           UnicodeCaseTableData;               //0x0060
    DWORD                           NumberOfProcessors;                 //0x0064
    DWORD                           NtGlobalFlag;                       //0x0068
    LARGE_INTEGER                   CriticalSectionTimeout;             //0x0070
    DWORD                           HeapSegmentReserve;                 //0x0078
    DWORD                           HeapSegmentCommit;                  //0x007C
    DWORD                           HeapDeCommitTotalFreeThreshold;     //0x0080
    DWORD                           HeapDeCommitFreeBlockThreshold;     //0x0084
    DWORD                           NumberOfHeaps;                      //0x0088
    DWORD                           MaximumNumberOfHeaps;               //0x008C
    void**                          ProcessHeaps;                       //0x0090
    void*                           GdiSharedHandleTable;               //0x0094
    void*                           ProcessStarterHelper;               //0x0098
    DWORD                           GdiDCAttributeList;                 //0x009C
    DWORD                           dwordA0;
    DWORD                           OSMajorVersion;                     //0x00A4
    DWORD                           OSMinorVersion;                     //0x00A8
    WORD                            OSBuildNumber;                      //0x00AC
    WORD                            OSCSDVersion;                       //0x00AE
    DWORD                           OSPlatformId;                       //0x00B0
    DWORD                           ImageSubsystem;                     //0x00B4
    DWORD                           ImageSubsystemMajorVersion;         //0x00B8
    DWORD                           ImageSubsystemMinorVersion;         //0x00BC
    DWORD                           dwordC0;
    DWORD                           GdiHandleBuffer[0x22];              //0x00C4
    void*                           PostProcessInitRoutine;             //0x014C 
    void*                           TlsExpansionBitmap;                 //0x0150
    DWORD                           TlsExpansionBitmapBits[0x20];       //0x0154
    DWORD                           SessionId;                          //0x01D4
    ULARGE_INTEGER                  AppCompatFlags;                     //0x01D8
    ULARGE_INTEGER                  AppCompatFlagsUser;                 //0x01E0
    void*                           pShimData;                          //0x01E8
    void*                           AppCompatInfo;                      //0x01EC
    UNICODE_STRING                  CSDVersion;                         //0x01F0
    void*        ActivationContextData;              //0x01F8
    void*           ProcessAssemblyStorageMap;          //0x01FC
    void*        SystemDefaultActivationContextData; //0x0200
    void*           SystemAssemblyStorageMap;           //0x0204
    DWORD                           MinimumStackCommit;                 //0x0208
    void*              FlsCallback;                        //0x020C
    LIST_ENTRY                      FlsListHead;                        //0x0210
    void*                           FlsBitmap;                          //0x0218
    DWORD                           FlsBitmapBits[4];                   //0x021C
    DWORD                           FlsHighIndex;                       //0x022C
    void*                           WerRegistrationData;                //0x0230
    void*                           WerShipAssertPtr;                   //0x0234
    DWORD                           dword238;
    void*                           pImageHeaderHash;                   //0x023C
 };
	struct PEB_UNIVERSAL
	{
	BOOLEAN InheritedAddressSpace; //0x0000
	BOOLEAN ReadImageFileExecOptions; //0x0001
	BOOLEAN BeingDebugged; //0x0002
	BYTE byte3;
	HANDLE Mutant; //0x0004
	void* ImageBaseAddress; //0x0008
	PEB_LDR_DATA* Ldr; //0x000C
	RTL_USER_PROCESS_PARAMETERS* ProcessParameters; //0x0010
	void* SubSystemData; //0x0014
	void* ProcessHeap; //0x0018
	RTL_CRITICAL_SECTION* FastPebLock; //0x001C
	void* dword20;
	void* dword24;
	DWORD dword28;
	DWORD dword2C;
	DWORD SystemReserved; //0x0030
	DWORD dword34;
	DWORD dword38;
	DWORD TlsExpansionCounter; //0x003C
	void* TlsBitmap; //0x0040
	DWORD TlsBitmapBits[2]; //0x0044
	void* ReadOnlySharedMemoryBase; //0x004C
	DWORD dword50;
	void** ReadOnlyStaticServerData; //0x0054
	void* AnsiCodePageData; //0x0058
	void* OemCodePageData; //0x005C
	void* UnicodeCaseTableData; //0x0060
	DWORD NumberOfProcessors; //0x0064
	DWORD NtGlobalFlag; //0x0068
	LARGE_INTEGER CriticalSectionTimeout; //0x0070
	DWORD HeapSegmentReserve; //0x0078
	DWORD HeapSegmentCommit; //0x007C
	DWORD HeapDeCommitTotalFreeThreshold; //0x0080
	DWORD HeapDeCommitFreeBlockThreshold; //0x0084
	DWORD NumberOfHeaps; //0x0088
	DWORD MaximumNumberOfHeaps; //0x008C
	void** ProcessHeaps; //0x0090
	void* GdiSharedHandleTable; //0x0094
	void* ProcessStarterHelper; //0x0098
	DWORD GdiDCAttributeList; //0x009C
	DWORD dwordA0;
	DWORD OSMajorVersion; //0x00A4
	DWORD OSMinorVersion; //0x00A8
	WORD OSBuildNumber; //0x00AC
	WORD OSCSDVersion; //0x00AE
	DWORD OSPlatformId; //0x00B0
	DWORD ImageSubsystem; //0x00B4
	DWORD ImageSubsystemMajorVersion; //0x00B8
	DWORD ImageSubsystemMinorVersion; //0x00BC
	DWORD dwordC0;
	DWORD GdiHandleBuffer[0x22]; //0x00C4
	void* PostProcessInitRoutine; //0x014C
	void* TlsExpansionBitmap; //0x0150
	DWORD TlsExpansionBitmapBits[0x20]; //0x0154
	DWORD SessionId; //0x01D4
	ULARGE_INTEGER AppCompatFlags; //0x01D8
	ULARGE_INTEGER AppCompatFlagsUser; //0x01E0
	void* pShimData; //0x01E8
	void* AppCompatInfo; //0x01EC
	UNICODE_STRING CSDVersion; //0x01F0
	void* ActivationContextData; //0x01F8
	void* ProcessAssemblyStorageMap; //0x01FC
	void* SystemDefaultActivationContextData; //0x0200
	void* SystemAssemblyStorageMap; //0x0204
	DWORD MinimumStackCommit; //0x0208
	void* FlsCallback; //0x020C
	LIST_ENTRY FlsListHead; //0x0210
	void* FlsBitmap; //0x0218
	DWORD FlsBitmapBits[4]; //0x021C
	DWORD FlsHighIndex; //0x022C
	void* WerRegistrationData; //0x0230
	void* WerShipAssertPtr; //0x0234
	DWORD dword238;
	void* pImageHeaderHash; //0x023C
	};