Last active
July 27, 2021 16:09
-
-
Save mrexodia/ffb4d35056a3d9a0068b to your computer and use it in GitHub Desktop.
universal PEB structure
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef _UNDOCUMENTED_H | |
| #define _UNDOCUMENTED_H | |
| #include <windows.h> | |
| namespace Undocumented | |
| { | |
| #pragma pack(push) | |
| #pragma pack(1) | |
| template <class T> | |
| struct LIST_ENTRY_T | |
| { | |
| T Flink; | |
| T Blink; | |
| }; | |
| template <class T> | |
| struct UNICODE_STRING_T | |
| { | |
| union | |
| { | |
| struct | |
| { | |
| WORD Length; | |
| WORD MaximumLength; | |
| }; | |
| T dummy; | |
| }; | |
| T _Buffer; | |
| }; | |
| template <class T, class NGF, int A> | |
| struct _PEB_T | |
| { | |
| union | |
| { | |
| struct | |
| { | |
| BYTE InheritedAddressSpace; | |
| BYTE ReadImageFileExecOptions; | |
| BYTE BeingDebugged; | |
| BYTE BitField; | |
| }; | |
| T dummy01; | |
| }; | |
| T Mutant; | |
| T ImageBaseAddress; | |
| T Ldr; | |
| T ProcessParameters; | |
| T SubSystemData; | |
| T ProcessHeap; | |
| T FastPebLock; | |
| T AtlThunkSListPtr; | |
| T IFEOKey; | |
| T CrossProcessFlags; | |
| T UserSharedInfoPtr; | |
| DWORD SystemReserved; | |
| DWORD AtlThunkSListPtr32; | |
| T ApiSetMap; | |
| T TlsExpansionCounter; | |
| T TlsBitmap; | |
| DWORD TlsBitmapBits[2]; | |
| T ReadOnlySharedMemoryBase; | |
| T HotpatchInformation; | |
| T ReadOnlyStaticServerData; | |
| T AnsiCodePageData; | |
| T OemCodePageData; | |
| T UnicodeCaseTableData; | |
| DWORD NumberOfProcessors; | |
| union | |
| { | |
| DWORD NtGlobalFlag; | |
| NGF dummy02; | |
| }; | |
| LARGE_INTEGER CriticalSectionTimeout; | |
| T HeapSegmentReserve; | |
| T HeapSegmentCommit; | |
| T HeapDeCommitTotalFreeThreshold; | |
| T HeapDeCommitFreeBlockThreshold; | |
| DWORD NumberOfHeaps; | |
| DWORD MaximumNumberOfHeaps; | |
| T ProcessHeaps; | |
| T GdiSharedHandleTable; | |
| T ProcessStarterHelper; | |
| T GdiDCAttributeList; | |
| T LoaderLock; | |
| DWORD OSMajorVersion; | |
| DWORD OSMinorVersion; | |
| WORD OSBuildNumber; | |
| WORD OSCSDVersion; | |
| DWORD OSPlatformId; | |
| DWORD ImageSubsystem; | |
| DWORD ImageSubsystemMajorVersion; | |
| T ImageSubsystemMinorVersion; | |
| T ActiveProcessAffinityMask; | |
| T GdiHandleBuffer[A]; | |
| T PostProcessInitRoutine; | |
| T TlsExpansionBitmap; | |
| DWORD TlsExpansionBitmapBits[32]; | |
| T SessionId; | |
| ULARGE_INTEGER AppCompatFlags; | |
| ULARGE_INTEGER AppCompatFlagsUser; | |
| T pShimData; | |
| T AppCompatInfo; | |
| Undocumented::UNICODE_STRING_T<T> CSDVersion; | |
| T ActivationContextData; | |
| T ProcessAssemblyStorageMap; | |
| T SystemDefaultActivationContextData; | |
| T SystemAssemblyStorageMap; | |
| T MinimumStackCommit; | |
| T FlsCallback; | |
| Undocumented::LIST_ENTRY_T<T> FlsListHead; | |
| T FlsBitmap; | |
| DWORD FlsBitmapBits[4]; | |
| T FlsHighIndex; | |
| T WerRegistrationData; | |
| T WerShipAssertPtr; | |
| T pContextData; | |
| T pImageHeaderHash; | |
| T TracingFlags; | |
| }; | |
| typedef _PEB_T<DWORD, DWORD64, 34> PEB32; | |
| typedef _PEB_T<DWORD64, DWORD, 30> PEB64; | |
| #pragma pack(pop) | |
| #ifdef _WIN64 //x64 | |
| typedef PEB64 PEB; | |
| #else //x86 | |
| typedef PEB32 PEB; | |
| #endif //_WIN64 | |
| } | |
| #endif // _UNDOCUMENTED_H |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment