nt.h
#include <Windows.h>
// Save the current packing setting, then force 1-byte packing for every
// struct declared below until the matching `#pragma pack(pop)`.
// With pack(1) the compiler inserts no padding, so each field's offset is
// exactly the sum of the sizes of the fields before it.
// NOTE(review): pointer-sized fields therefore sit at unaligned offsets on a
// 64-bit build; these layouts look written for a 32-bit target — confirm.
#pragma pack(push)
#pragma pack(1)
// Counted wide-string descriptor: two 16-bit lengths followed by a pointer
// to the character data. Under the pack(1) in effect, Buffer is at offset 4
// whatever the pointer size.
// NOTE(review): presumably mirrors the Windows UNICODE_STRING, where both
// lengths are byte counts and Buffer need not be NUL-terminated; code that
// reads Buffer should bound itself by Length rather than scan for a
// terminator — confirm in the consumers.
// NOTE(review): the struct tag is _LSA_UNICODE_STRING but the typedef name is
// UNICODE_STRING; a translation unit that also gets UNICODE_STRING from
// another header would see a conflicting definition — confirm include order.
typedef struct _LSA_UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING;
// Partial view of the process-parameters block reached through
// PEB32::ProcessParameters. Only ImagePathName and CommandLine are named;
// everything else is declared as opaque reserved storage.
// The field list is identical to the leading fields of
// RTL_USER_PROCESS_PARAMETERS_MEMMODULE, so a pointer to one can be viewed
// as the other up to the end of Reserved.
typedef struct _RTL_USER_PROCESS_PARAMETERS {
BYTE Reserved1[16];
PVOID Reserved2[10];
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
// 1024 bytes of opaque storage after CommandLine; what the OS keeps here is
// not described by this header.
char Reserved[1024];
} RTL_USER_PROCESS_PARAMETERS;
// Same leading layout as RTL_USER_PROCESS_PARAMETERS, extended with two
// project-specific fields placed after the 1024-byte Reserved area.
// NOTE(review): presumably a process-parameters block is cast to this type
// to find MemModule. ExSign is a fixed constant, not an integrity check, so
// any reader should (a) know the underlying allocation really is at least
// sizeof(RTL_USER_PROCESS_PARAMETERS_MEMMODULE) bytes and (b) compare ExSign
// before dereferencing MemModule — verify both in the consumers.
typedef struct _RTL_USER_PROCESS_PARAMETERS_MEMMODULE {
BYTE Reserved1[16];
PVOID Reserved2[10];
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
char Reserved[1024];
// Marker identifying the extended layout. The original note read
// "0cFFFFACAC", presumably a typo for 0xFFFFACAC — TODO confirm against the
// code that writes this field.
DWORD ExSign; // 0cFFFFACAC;
// Opaque pointer; presumably the in-memory module this process was started
// from, meaningful only when ExSign matches — confirm.
PVOID MemModule;
} RTL_USER_PROCESS_PARAMETERS_MEMMODULE;
// Partial Process Environment Block layout, exported under the name PEB32
// (struct tag _PEB). Named fields: BeingDebugged, Ldr, ProcessParameters,
// PostProcessInitRoutine and SessionId; the rest is opaque reserved storage.
// Under the pack(1) in effect, Reserved3 starts at offset 4 with no padding
// after Reserved2, so every later offset depends directly on sizeof(PVOID).
// NOTE(review): the PEB32 name and the packing suggest this is only meant to
// match the OS structure in a 32-bit build; on a 64-bit build the pointer
// fields would not be naturally aligned — confirm the supported targets.
// NOTE(review): the tag _PEB may collide with another header that declares
// its own _PEB in the same translation unit — confirm include order.
typedef struct _PEB
{
BYTE Reserved1[2];
// Single-byte flag; presumably nonzero while a debugger is attached, as in
// the documented Windows PEB — confirm.
BYTE BeingDebugged;
BYTE Reserved2[1];
PVOID Reserved3[2];
// Loader data, kept untyped here; the intended type is named in the inline
// comment but is not declared by this header.
void* /*PPEB_LDR_DATA*/ Ldr;
// Typed as the base parameters struct; code that wants ExSign/MemModule has
// to cast to RTL_USER_PROCESS_PARAMETERS_MEMMODULE itself.
RTL_USER_PROCESS_PARAMETERS* ProcessParameters;
BYTE Reserved4[104];
PVOID Reserved5[52];
// Callback pointer, kept untyped here; the intended type is named in the
// inline comment but is not declared by this header.
void* /*PPS_POST_PROCESS_INIT_ROUTINE*/ PostProcessInitRoutine;
BYTE Reserved6[128];
PVOID Reserved7[1];
ULONG SessionId;
} PEB32;
// Untyped buffer pointer paired with a 32-bit count, declared while pack(1)
// is in effect (Count follows Buf with no padding).
// NOTE(review): the element type of Buf, whether Count is in elements or
// bytes, and who owns/frees Buf are not visible in this header — confirm
// against the code that fills this struct before indexing by Count.
typedef struct
{
void *Buf;
DWORD Count;
} COMMANDLINE_ARGS;
// Restore the packing setting saved by the earlier `#pragma pack(push)`, so
// the 1-byte packing does not leak into headers included after this one.
#pragma pack(pop)
// Accessors declared with C linkage. Each takes no arguments and returns an
// untyped pointer that the caller must cast to the structure it expects.
// The `extern "C"` block is not wrapped in `#ifdef __cplusplus`, so this
// header only compiles as C++.
// NOTE(review): the names suggest they return the calling thread's TIB, TEB
// and the process PEB respectively — confirm against the definitions.
// NOTE(review): all three are declared __inline but no body appears in this
// header; a translation unit that includes it and calls them needs the
// definitions visible as well — confirm where they live.
extern "C"
{
__inline void* GetThreadTIB();
__inline void* GetThreadTEB();
__inline void* GetThreadPEB();
}