/*
* ArgX - Better command line processing for Windows.
*
* Copyright (c) 2019 Alastair J. Houghton.
*
*/
#ifndef ARGX_PEB_H_
#define ARGX_PEB_H_
/*
 * Width-parameterised layouts whose names and field order appear to mirror
 * the leading fields of the Windows NT per-thread and per-process structures
 * (TEB, PEB, UNICODE_STRING, RTL_USER_PROCESS_PARAMETERS, loader data).
 *
 * Every pointer-sized slot is declared as PTR, a plain integer (DWORD or
 * DWORD64), so a 32-bit and a 64-bit layout can both be described in the
 * same build. The values are therefore numbers, not C++ pointers: they
 * cannot be dereferenced directly and are only meaningful as addresses in
 * the address space the structure was copied from.
 *
 * NOTE(review): no #include is visible in this header; DWORD, DWORD64, UCHAR,
 * USHORT, ULONG and WORD must already be declared by the including file.
 *
 * NOTE(review): the layouts rely on the compiler's default alignment (no
 * #pragma pack or static_assert is visible). A non-default packing setting
 * would silently shift every field after the first mixed-width member;
 * consider static_assert checks on sizeof/offsets for both instantiations.
 *
 * NOTE(review): these layouts are presumably filled from memory the caller
 * does not control. Treat every length and address read through them as
 * untrusted: bound copy sizes, check Length against MaximumLength, and cap
 * list walks so a corrupted or circular list cannot loop forever.
 */
namespace innards {
/* Integer stand-ins for a 32-bit and a 64-bit pointer slot. */
typedef DWORD POINTER32;
typedef DWORD64 POINTER64;
/*
 * Thread Environment Block prefix: thirteen consecutive pointer-sized slots
 * ending in the address of the process's PEB. Only these leading fields are
 * declared; nothing after ProcessEnvironmentBlock is described here.
 */
template <class PTR>
struct TEB {
PTR ExceptionList;
PTR StackBase;
PTR StackLimit;
PTR SubSystemTIB;
PTR FiberData;
PTR ArbitraryUserPOinter; /* sic: spelling is part of the interface */
PTR Self;
PTR EnvironmentPointer;
PTR UniqueProcess;
PTR UniqueThread;
PTR ActiveRPCHandle;
PTR ThreadLocalStoragePointer;
PTR ProcessEnvironmentBlock; /* address of the PEB, as an integer */
};
typedef TEB<POINTER32> TEB32;
typedef TEB<POINTER64> TEB64;
/*
 * Process Environment Block prefix: four one-byte fields followed by four
 * pointer-sized slots. With PTR = DWORD64 the compiler's natural alignment
 * is what places Mutant after the four bytes plus padding.
 */
template <class PTR>
struct PEB {
UCHAR InheritedAddressSpace;
UCHAR ReadImageFileExecOptions;
UCHAR BeingDebugged;
UCHAR Flags;
PTR Mutant;
PTR ImageBaseAddress;
PTR Ldr;               /* address of an LDR_DATA<PTR> - presumably; confirm at the use site */
PTR ProcessParameters; /* address of an RTL_USER_PROCESS_PARAMS<PTR> - presumably; confirm */
};
typedef PEB<POINTER32> PEB32;
typedef PEB<POINTER64> PEB64;
/*
 * Counted string descriptor: two 16-bit lengths and the address of the
 * character data.
 *
 * NOTE(review): presumably follows UNICODE_STRING, where both lengths are in
 * bytes and the buffer need not be NUL-terminated - confirm. Consumers should
 * reject Length > MaximumLength and odd lengths, and size any copy from
 * Length rather than scanning for a terminator.
 */
template <class PTR>
struct UNISTR {
USHORT Length;
USHORT MaximumLength;
PTR Buffer;
};
typedef UNISTR<POINTER32> UNISTR32;
typedef UNISTR<POINTER64> UNISTR64;
/* Current-directory record: a counted path string plus a handle value. */
template <class PTR>
struct CURDIR {
UNISTR<PTR> DosPath;
PTR Handle;
};
typedef CURDIR<POINTER32> CURDIR32;
typedef CURDIR<POINTER64> CURDIR64;
/*
 * Process parameter block prefix, up to and including Environment. Holds the
 * standard handles, current directory, and the DLL path, image path and
 * command line as counted strings.
 *
 * ConsoleFlags is a ULONG sitting between two PTR slots, so in the 64-bit
 * instantiation the position of StandardInput depends on alignment padding.
 */
template <class PTR>
struct RTL_USER_PROCESS_PARAMS {
ULONG MaximumLength;
ULONG Length;
ULONG Flags;
ULONG DebugFlags;
PTR ConsoleHandle;
ULONG ConsoleFlags;
PTR StandardInput;
PTR StandardOutput;
PTR StandardError;
struct CURDIR<PTR> CurrentDirectory;
struct UNISTR<PTR> DllPath;
struct UNISTR<PTR> ImagePathName;
struct UNISTR<PTR> CommandLine;
PTR Environment;
};
typedef RTL_USER_PROCESS_PARAMS<POINTER32> RTL_USER_PROCESS_PARAMS32;
typedef RTL_USER_PROCESS_PARAMS<POINTER64> RTL_USER_PROCESS_PARAMS64;
/*
 * Doubly linked list node holding forward and backward link addresses as
 * integers. Declared inside namespace innards; refer to it qualified where
 * the platform headers also declare a LIST_ENTRY.
 */
template <class PTR>
struct LIST_ENTRY {
PTR Flink;
PTR Blink;
};
typedef LIST_ENTRY<POINTER32> LIST_ENTRY32;
typedef LIST_ENTRY<POINTER64> LIST_ENTRY64;
/*
 * Loader record for one module: three list links, base address, entry point,
 * image size, full and base names as counted strings, then flags and counts.
 */
template <class PTR>
struct LDR_DATA_TABLE_ENTRY
{
LIST_ENTRY<PTR> InLoadOrderLinks;
LIST_ENTRY<PTR> InMemoryOrderLinks;
LIST_ENTRY<PTR> InInitializationOrderLinks;
PTR DllBase;
PTR EntryPoint;
/* The union makes this slot as wide as the larger of DWORD and PTR, so the
   fields after it stay at pointer-sized offsets in both instantiations. */
union {
DWORD SizeOfImage;
PTR Reserved;
};
UNISTR<PTR> FullDllName;
UNISTR<PTR> BaseDllName;
DWORD Flags;
WORD LoadCount;
WORD TlsIndex;
};
typedef LDR_DATA_TABLE_ENTRY<POINTER32> LDR_DATA_TABLE_ENTRY32;
typedef LDR_DATA_TABLE_ENTRY<POINTER64> LDR_DATA_TABLE_ENTRY64;
/*
 * Loader state header: the heads of the three module lists plus bookkeeping.
 *
 * NOTE(review): Initialized and ShutdownInProcess are declared as DWORD here.
 * If the underlying fields are one-byte booleans followed by padding, only
 * the low byte is meaningful - confirm before testing the whole DWORD.
 */
template <class PTR>
struct LDR_DATA
{
DWORD Length;
DWORD Initialized;
PTR SsHandle;
LIST_ENTRY<PTR> InLoadOrderModuleList;
LIST_ENTRY<PTR> InMemoryOrderModuleList;
LIST_ENTRY<PTR> InInitializationOrderModuleList;
PTR EntryInProgress;
DWORD ShutdownInProcess;
PTR ShutdownThreadId;
};
typedef LDR_DATA<POINTER32> LDR_DATA32;
typedef LDR_DATA<POINTER64> LDR_DATA64;
}
#endif /* ARGX_PEB_H_ */