R5Reloaded/r5sdk
1
0
Fork 0
mirror of https://github.com/Mauler125/r5sdk.git synced 2025-02-09 19:15:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
r5sdk/r5dev/windows/tebpeb64.h

311 lines
15 KiB
C
Raw Normal View History

CModule and CMemory class improvements This commit significantly reduces output code size, and a noticeable increase in performance. Changes are: - Removed all extraneous std::string and std::vector copy constructions; use raw pointers instead to boost performance. - Marked simple getters in CModule inline. - Marked several functions in CModule const. - Slightly reordered CModule class. - 'CMemory::CheckOpCodes' and 'CMemory::Patch' now take a const reference.
2023-06-12 18:40:16 +02:00
//
// [TEB/PEB UNDER 64-BIT WINDOWS]
// This file represents the 64-bit PEB and associated data structures for 64-bit Windows
// This PEB is allegedly valid between XP thru [at least] Windows 8
//
// [REFERENCES]
// http://terminus.rewolf.pl/terminus/structures/ntdll/_PEB_x64.html
// http://terminus.rewolf.pl/terminus/structures/ntdll/_TEB64_x86.html
// https://github.com/giampaolo/psutil/commit/babd2b73538fcb6f3931f0ab6d9c100df6f37bcb (RTL_USER_PROCESS_PARAMETERS)
// https://redplait.blogspot.com/2011/09/w8-64bit-teb-peb.html (TEB)
//
// [CHANGELIST]
// 2018-05-02: -now can be compiled alongside windows.h (without changes) or by defining WANT_ALL_WINDOWS_H_DEFINITIONS so this file can be used standalone
// -this file may also be included alongside tebpeb32.h which can be found at http://bytepointer.com/resources/tebpeb32.h
// -64-bit types no longer clash with the 32-bit ones; e.g. UNICODE_STRING64, RTL_USER_PROCESS_PARAMETERS64, PEB64 (same result whether 32 or 64-bit compiler is used)
// -added more QWORD aliases (i.e. HANDLE64 and PTR64) so underlying types are clearer, however most PEB members remain generic QWORD placeholders for now
// -fixed missing semicolon bug in UNICODE_STRING64
// -added prliminary RTL_USER_PROCESS_PARAMETERS64 and TEB64 with offsets
// -included byte offsets for PEB64
//
// 2017-08-25: initial public release
//
Add missing include guards Causes compile errors.
2023-06-25 08:57:10 +02:00
#ifndef TEBPEB_64_H
#define TEBPEB_64_H
CModule and CMemory class improvements This commit significantly reduces output code size, and a noticeable increase in performance. Changes are: - Removed all extraneous std::string and std::vector copy constructions; use raw pointers instead to boost performance. - Marked simple getters in CModule inline. - Marked several functions in CModule const. - Slightly reordered CModule class. - 'CMemory::CheckOpCodes' and 'CMemory::Patch' now take a const reference.
2023-06-12 18:40:16 +02:00
//
// base types
//
#include "Windows.h"
typedef struct _PEB_LDR_DATA
{
ULONG Length;
BOOLEAN Initialized;
HANDLE SsHandle;
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID EntryInProgress;
BOOLEAN ShutdownInProgress;
HANDLE ShutdownThreadId;
} PEB_LDR_DATA, * PPEB_LDR_DATA;
//always declare 64-bit types
#ifdef _MSC_VER
//Visual C++
typedef unsigned __int64 QWORD;
typedef __int64 INT64;
#else
//GCC
typedef unsigned long long QWORD;
typedef long long INT64;
#endif
typedef QWORD PTR64;
//UNCOMMENT line below if you are not including windows.h
//#define WANT_ALL_WINDOWS_H_DEFINITIONS
#ifdef WANT_ALL_WINDOWS_H_DEFINITIONS
//base types
typedef unsigned char BYTE;
typedef char CHAR;
typedef unsigned short WORD;
typedef short INT16;
typedef unsigned long DWORD;
typedef long INT32;
typedef unsigned __int64 QWORD;
typedef __int64 INT64;
typedef void* HANDLE;
typedef unsigned short WCHAR;
//base structures
union LARGE_INTEGER
{
struct
{
DWORD LowPart;
INT32 HighPart;
} u;
INT64 QuadPart;
};
union ULARGE_INTEGER
{
struct
{
DWORD LowPart;
DWORD HighPart;
} u;
QWORD QuadPart;
};
#endif //#ifdef WANT_ALL_WINDOWS_H_DEFINITIONS
struct UNICODE_STRING64
{
union
{
struct
{
WORD Length;
WORD MaximumLength;
} u;
QWORD dummyalign;
};
QWORD Buffer;
};
typedef struct _CLIENT_ID64
{
QWORD ProcessId;
QWORD ThreadId;
} CLIENT_ID64;
typedef struct _LDR_DATA_TABLE_ENTRY
{
LIST_ENTRY InLoadOrderLinks;
LIST_ENTRY InMemoryOrderLinks;
union
{
LIST_ENTRY InInitializationOrderLinks;
LIST_ENTRY InProgressLinks;
};
PVOID DllBase;
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING64 FullDllName;
UNICODE_STRING64 BaseDllName;
} LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;// [ PIXIE ]: Narrowed down version, don't need full.
//NOTE: the members of this structure are not yet complete
typedef struct _RTL_USER_PROCESS_PARAMETERS64
{
BYTE Reserved1[16]; //0x00
QWORD Reserved2[5]; //0x10
UNICODE_STRING64 CurrentDirectoryPath; //0x38
QWORD CurrentDirectoryHandle; //0x48
UNICODE_STRING64 DllPath; //0x50
UNICODE_STRING64 ImagePathName; //0x60
UNICODE_STRING64 CommandLine; //0x70
PTR64 Environment; //0x80
} RTL_USER_PROCESS_PARAMETERS64;
//
// PEB64 structure - TODO: comb more through http://terminus.rewolf.pl/terminus/structures/ntdll/_PEB_x64.html and add OS delineations and Windows 10 updates
//
// The structure represented here is a work-in-progress as only members thru offset 0x320 are listed; the actual sizes per OS are:
// 0x0358 XP/WS03
// 0x0368 Vista
// 0x037C Windows 7
// 0x0388 Windows 8
// 0x07A0 Windows 10
//
struct PEB64
{
union
{
struct
{
BYTE InheritedAddressSpace; //0x000
BYTE ReadImageFileExecOptions; //0x001
BYTE BeingDebugged; //0x002
BYTE _SYSTEM_DEPENDENT_01; //0x003
} flags;
QWORD dummyalign;
} dword0;
QWORD Mutant; //0x0008
QWORD ImageBaseAddress; //0x0010
PPEB_LDR_DATA Ldr; //0x0018
PTR64 ProcessParameters; //0x0020 / pointer to RTL_USER_PROCESS_PARAMETERS64
QWORD SubSystemData; //0x0028
QWORD ProcessHeap; //0x0030
QWORD FastPebLock; //0x0038
QWORD _SYSTEM_DEPENDENT_02; //0x0040
QWORD _SYSTEM_DEPENDENT_03; //0x0048
QWORD _SYSTEM_DEPENDENT_04; //0x0050
union
{
QWORD KernelCallbackTable; //0x0058
QWORD UserSharedInfoPtr; //0x0058
};
DWORD SystemReserved; //0x0060
DWORD _SYSTEM_DEPENDENT_05; //0x0064
QWORD _SYSTEM_DEPENDENT_06; //0x0068
QWORD TlsExpansionCounter; //0x0070
QWORD TlsBitmap; //0x0078
DWORD TlsBitmapBits[2]; //0x0080
QWORD ReadOnlySharedMemoryBase; //0x0088
QWORD _SYSTEM_DEPENDENT_07; //0x0090
QWORD ReadOnlyStaticServerData; //0x0098
QWORD AnsiCodePageData; //0x00A0
QWORD OemCodePageData; //0x00A8
QWORD UnicodeCaseTableData; //0x00B0
DWORD NumberOfProcessors; //0x00B8
union
{
DWORD NtGlobalFlag; //0x00BC
DWORD dummy02; //0x00BC
};
LARGE_INTEGER CriticalSectionTimeout; //0x00C0
QWORD HeapSegmentReserve; //0x00C8
QWORD HeapSegmentCommit; //0x00D0
QWORD HeapDeCommitTotalFreeThreshold; //0x00D8
QWORD HeapDeCommitFreeBlockThreshold; //0x00E0
DWORD NumberOfHeaps; //0x00E8
DWORD MaximumNumberOfHeaps; //0x00EC
QWORD ProcessHeaps; //0x00F0
QWORD GdiSharedHandleTable; //0x00F8
QWORD ProcessStarterHelper; //0x0100
QWORD GdiDCAttributeList; //0x0108
QWORD LoaderLock; //0x0110
DWORD OSMajorVersion; //0x0118
DWORD OSMinorVersion; //0x011C
WORD OSBuildNumber; //0x0120
WORD OSCSDVersion; //0x0122
DWORD OSPlatformId; //0x0124
DWORD ImageSubsystem; //0x0128
DWORD ImageSubsystemMajorVersion; //0x012C
QWORD ImageSubsystemMinorVersion; //0x0130
union
{
QWORD ImageProcessAffinityMask; //0x0138
QWORD ActiveProcessAffinityMask; //0x0138
};
QWORD GdiHandleBuffer[30]; //0x0140
QWORD PostProcessInitRoutine; //0x0230
QWORD TlsExpansionBitmap; //0x0238
DWORD TlsExpansionBitmapBits[32]; //0x0240
QWORD SessionId; //0x02C0
ULARGE_INTEGER AppCompatFlags; //0x02C8
ULARGE_INTEGER AppCompatFlagsUser; //0x02D0
QWORD pShimData; //0x02D8
QWORD AppCompatInfo; //0x02E0
UNICODE_STRING64 CSDVersion; //0x02E8
QWORD ActivationContextData; //0x02F8
QWORD ProcessAssemblyStorageMap; //0x0300
QWORD SystemDefaultActivationContextData; //0x0308
QWORD SystemAssemblyStorageMap; //0x0310
QWORD MinimumStackCommit; //0x0318
}; //struct PEB64
//
// TEB64 structure - preliminary structure; the portion listed current at least as of Windows 8
//
struct TEB64
{
More reversed TEB64 structure
2023-09-11 01:32:11 +02:00
NT_TIB64 NtTib; //0x0000
PVOID EnvironmentPointer; //0x0038
CModule and CMemory class improvements This commit significantly reduces output code size, and a noticeable increase in performance. Changes are: - Removed all extraneous std::string and std::vector copy constructions; use raw pointers instead to boost performance. - Marked simple getters in CModule inline. - Marked several functions in CModule const. - Slightly reordered CModule class. - 'CMemory::CheckOpCodes' and 'CMemory::Patch' now take a const reference.
2023-06-12 18:40:16 +02:00
CLIENT_ID64 ClientId; //0x0040
More reversed TEB64 structure
2023-09-11 01:32:11 +02:00
PVOID ActiveRpcInfo; //0x0050
PVOID ThreadLocalStoragePointer; //0x0058
PEB64* ProcessEnvironmentBlock; //0x0060
ULONG LastErrorValue; //0x0068
ULONG CountOfOwnedCriticalSections; //0x006C
PVOID CsrClientThread; //0x0070
PVOID Win32ThreadInfo; //0x0078
ULONG Win32ClientInfo[0x1F]; //0x0080
PVOID WOW32Reserved; //0x0100
ULONG CurrentLocale; //0x0108
ULONG FpSoftwareStatusRegister; //0x010C
PVOID SystemReserved1[0x36]; //0x0110
PVOID Spare1; //0x02C0
ULONG ExceptionCode; //0x02C8
PVOID ActivationContextStackPointer; //0x02D0
ULONG SpareBytes1[0x26]; //0x02D8
PVOID SystemReserved2[0xA]; //0x0370
ULONG GdiRgn; //0x03C0
ULONG GdiPen; //0x03C4
ULONG GdiBrush; //0x03C8
CLIENT_ID64 RealClientId; //0x03D0
PVOID GdiCachedProcessHandle; //0x03E0
ULONG GdiClientPID; //0x03E8
ULONG GdiClientTID; //0x03EC
PVOID GdiThreadLocaleInfo; //0x03F0
PVOID UserReserved[5]; //0x03F8
PVOID GlDispatchTable[0x118]; //0x0420
ULONG GlReserved1[0x1A]; //0x0CE0
PVOID GlReserved2; //0x0D48
PVOID GlSectionInfo; //0x0D50
PVOID GlSection; //0x0D58
PVOID GlTable; //0x0D60
PVOID GlCurrentRC; //0x0D68
PVOID GlContext; //0x0D70
NTSTATUS LastStatusValue; //0x0D78
UNICODE_STRING64 StaticUnicodeString; //0x0D80
WCHAR StaticUnicodeBuffer[0x105]; //0x0D90
PVOID DeallocationStack; //0x0FA0
PVOID TlsSlots[0x40]; //0x0FA9
LIST_ENTRY TlsLinks; //0x11A8
PVOID Vdm; //0x11B8
PVOID ReservedForNtRpc; //0x11C0
PVOID DbgSsReserved[0x2]; //0x11C8
ULONG HardErrorDisabled; //0x11D8
PVOID Instrumentation[0x10]; //0x11E0
PVOID WinSockData; //0x1260
ULONG GdiBatchCount; //0x1268
ULONG Spare2; //0x126C
ULONG Spare3; //0x1270
ULONG Spare4; //0x1274
PVOID ReservedForOle; //0x1278
ULONG WaitingOnLoaderLock; //0x1280
PVOID StackCommit; //0x1288
PVOID StackCommitMax; //0x1290
PVOID StackReserved; //0x1298
PVOID TlsExpansionSlots; //0x12A0
};
Add missing include guards Causes compile errors.
2023-06-25 08:57:10 +02:00
#endif // TEBPEB_64_H
Reference in New Issue Copy Permalink