API tools faq
paste
Advertisement
Guest User

PEB64

a guest
Oct 21st, 2010
409
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.72 KB | None | 0 0
raw download clone embed print report
  1. 0:000> dt ntdll!_peb -r
  2. +0x000 InheritedAddressSpace : UChar
  3. +0x001 ReadImageFileExecOptions : UChar
  4. +0x002 BeingDebugged : UChar
  5. +0x003 BitField : UChar
  6. +0x003 ImageUsesLargePages : Pos 0, 1 Bit
  7. +0x003 IsProtectedProcess : Pos 1, 1 Bit
  8. +0x003 IsLegacyProcess : Pos 2, 1 Bit
  9. +0x003 IsImageDynamicallyRelocated : Pos 3, 1 Bit
  10. +0x003 SkipPatchingUser32Forwarders : Pos 4, 1 Bit
  11. +0x003 SpareBits : Pos 5, 3 Bits
  12. +0x008 Mutant : Ptr64 Void
  13. +0x010 ImageBaseAddress : Ptr64 Void
  14. +0x018 Ldr : Ptr64 _PEB_LDR_DATA
  15. +0x000 Length : Uint4B
  16. +0x004 Initialized : UChar
  17. +0x008 SsHandle : Ptr64 Void
  18. +0x010 InLoadOrderModuleList : _LIST_ENTRY
  19. +0x000 Flink : Ptr64 _LIST_ENTRY
  20. +0x008 Blink : Ptr64 _LIST_ENTRY
  21. +0x020 InMemoryOrderModuleList : _LIST_ENTRY
  22. +0x000 Flink : Ptr64 _LIST_ENTRY
  23. +0x008 Blink : Ptr64 _LIST_ENTRY
  24. +0x030 InInitializationOrderModuleList : _LIST_ENTRY
  25. +0x000 Flink : Ptr64 _LIST_ENTRY
  26. +0x008 Blink : Ptr64 _LIST_ENTRY
  27. +0x040 EntryInProgress : Ptr64 Void
  28. +0x048 ShutdownInProgress : UChar
  29. +0x050 ShutdownThreadId : Ptr64 Void
  30. +0x020 ProcessParameters : Ptr64 _RTL_USER_PROCESS_PARAMETERS
  31. +0x000 MaximumLength : Uint4B
  32. +0x004 Length : Uint4B
  33. +0x008 Flags : Uint4B
  34. +0x00c DebugFlags : Uint4B
  35. +0x010 ConsoleHandle : Ptr64 Void
  36. +0x018 ConsoleFlags : Uint4B
  37. +0x020 StandardInput : Ptr64 Void
  38. +0x028 StandardOutput : Ptr64 Void
  39. +0x030 StandardError : Ptr64 Void
  40. +0x038 CurrentDirectory : _CURDIR
  41. +0x000 DosPath : _UNICODE_STRING
  42. +0x010 Handle : Ptr64 Void
  43. +0x050 DllPath : _UNICODE_STRING
  44. +0x000 Length : Uint2B
  45. +0x002 MaximumLength : Uint2B
  46. +0x008 Buffer : Ptr64 Uint2B
  47. +0x060 ImagePathName : _UNICODE_STRING
  48. +0x000 Length : Uint2B
  49. +0x002 MaximumLength : Uint2B
  50. +0x008 Buffer : Ptr64 Uint2B
  51. +0x070 CommandLine : _UNICODE_STRING
  52. +0x000 Length : Uint2B
  53. +0x002 MaximumLength : Uint2B
  54. +0x008 Buffer : Ptr64 Uint2B
  55. +0x080 Environment : Ptr64 Void
  56. +0x088 StartingX : Uint4B
  57. +0x08c StartingY : Uint4B
  58. +0x090 CountX : Uint4B
  59. +0x094 CountY : Uint4B
  60. +0x098 CountCharsX : Uint4B
  61. +0x09c CountCharsY : Uint4B
  62. +0x0a0 FillAttribute : Uint4B
  63. +0x0a4 WindowFlags : Uint4B
  64. +0x0a8 ShowWindowFlags : Uint4B
  65. +0x0b0 WindowTitle : _UNICODE_STRING
  66. +0x000 Length : Uint2B
  67. +0x002 MaximumLength : Uint2B
  68. +0x008 Buffer : Ptr64 Uint2B
  69. +0x0c0 DesktopInfo : _UNICODE_STRING
  70. +0x000 Length : Uint2B
  71. +0x002 MaximumLength : Uint2B
  72. +0x008 Buffer : Ptr64 Uint2B
  73. +0x0d0 ShellInfo : _UNICODE_STRING
  74. +0x000 Length : Uint2B
  75. +0x002 MaximumLength : Uint2B
  76. +0x008 Buffer : Ptr64 Uint2B
  77. +0x0e0 RuntimeData : _UNICODE_STRING
  78. +0x000 Length : Uint2B
  79. +0x002 MaximumLength : Uint2B
  80. +0x008 Buffer : Ptr64 Uint2B
  81. +0x0f0 CurrentDirectores : [32] _RTL_DRIVE_LETTER_CURDIR
  82. +0x000 Flags : Uint2B
  83. +0x002 Length : Uint2B
  84. +0x004 TimeStamp : Uint4B
  85. +0x008 DosPath : _STRING
  86. +0x3f0 EnvironmentSize : Uint8B
  87. +0x3f8 EnvironmentVersion : Uint8B
  88. +0x028 SubSystemData : Ptr64 Void
  89. +0x030 ProcessHeap : Ptr64 Void
  90. +0x038 FastPebLock : Ptr64 _RTL_CRITICAL_SECTION
  91. +0x000 DebugInfo : Ptr64 _RTL_CRITICAL_SECTION_DEBUG
  92. +0x000 Type : Uint2B
  93. +0x002 CreatorBackTraceIndex : Uint2B
  94. +0x008 CriticalSection : Ptr64 _RTL_CRITICAL_SECTION
  95. +0x010 ProcessLocksList : _LIST_ENTRY
  96. +0x020 EntryCount : Uint4B
  97. +0x024 ContentionCount : Uint4B
  98. +0x028 Flags : Uint4B
  99. +0x02c CreatorBackTraceIndexHigh : Uint2B
  100. +0x02e SpareUSHORT : Uint2B
  101. +0x008 LockCount : Int4B
  102. +0x00c RecursionCount : Int4B
  103. +0x010 OwningThread : Ptr64 Void
  104. +0x018 LockSemaphore : Ptr64 Void
  105. +0x020 SpinCount : Uint8B
  106. +0x040 AtlThunkSListPtr : Ptr64 Void
  107. +0x048 IFEOKey : Ptr64 Void
  108. +0x050 CrossProcessFlags : Uint4B
  109. +0x050 ProcessInJob : Pos 0, 1 Bit
  110. +0x050 ProcessInitializing : Pos 1, 1 Bit
  111. +0x050 ProcessUsingVEH : Pos 2, 1 Bit
  112. +0x050 ProcessUsingVCH : Pos 3, 1 Bit
  113. +0x050 ProcessUsingFTH : Pos 4, 1 Bit
  114. +0x050 ReservedBits0 : Pos 5, 27 Bits
  115. +0x058 KernelCallbackTable : Ptr64 Void
  116. +0x058 UserSharedInfoPtr : Ptr64 Void
  117. +0x060 SystemReserved : [1] Uint4B
  118. +0x064 AtlThunkSListPtr32 : Uint4B
  119. +0x068 ApiSetMap : Ptr64 Void
  120. +0x070 TlsExpansionCounter : Uint4B
  121. +0x078 TlsBitmap : Ptr64 Void
  122. +0x080 TlsBitmapBits : [2] Uint4B
  123. +0x088 ReadOnlySharedMemoryBase : Ptr64 Void
  124. +0x090 HotpatchInformation : Ptr64 Void
  125. +0x098 ReadOnlyStaticServerData : Ptr64 Ptr64 Void
  126. +0x0a0 AnsiCodePageData : Ptr64 Void
  127. +0x0a8 OemCodePageData : Ptr64 Void
  128. +0x0b0 UnicodeCaseTableData : Ptr64 Void
  129. +0x0b8 NumberOfProcessors : Uint4B
  130. +0x0bc NtGlobalFlag : Uint4B
  131. +0x0c0 CriticalSectionTimeout : _LARGE_INTEGER
  132. +0x000 LowPart : Uint4B
  133. +0x004 HighPart : Int4B
  134. +0x000 u : <unnamed-tag>
  135. +0x000 LowPart : Uint4B
  136. +0x004 HighPart : Int4B
  137. +0x000 QuadPart : Int8B
  138. +0x0c8 HeapSegmentReserve : Uint8B
  139. +0x0d0 HeapSegmentCommit : Uint8B
  140. +0x0d8 HeapDeCommitTotalFreeThreshold : Uint8B
  141. +0x0e0 HeapDeCommitFreeBlockThreshold : Uint8B
  142. +0x0e8 NumberOfHeaps : Uint4B
  143. +0x0ec MaximumNumberOfHeaps : Uint4B
  144. +0x0f0 ProcessHeaps : Ptr64 Ptr64 Void
  145. +0x0f8 GdiSharedHandleTable : Ptr64 Void
  146. +0x100 ProcessStarterHelper : Ptr64 Void
  147. +0x108 GdiDCAttributeList : Uint4B
  148. +0x110 LoaderLock : Ptr64 _RTL_CRITICAL_SECTION
  149. +0x000 DebugInfo : Ptr64 _RTL_CRITICAL_SECTION_DEBUG
  150. +0x000 Type : Uint2B
  151. +0x002 CreatorBackTraceIndex : Uint2B
  152. +0x008 CriticalSection : Ptr64 _RTL_CRITICAL_SECTION
  153. +0x010 ProcessLocksList : _LIST_ENTRY
  154. +0x020 EntryCount : Uint4B
  155. +0x024 ContentionCount : Uint4B
  156. +0x028 Flags : Uint4B
  157. +0x02c CreatorBackTraceIndexHigh : Uint2B
  158. +0x02e SpareUSHORT : Uint2B
  159. +0x008 LockCount : Int4B
  160. +0x00c RecursionCount : Int4B
  161. +0x010 OwningThread : Ptr64 Void
  162. +0x018 LockSemaphore : Ptr64 Void
  163. +0x020 SpinCount : Uint8B
  164. +0x118 OSMajorVersion : Uint4B
  165. +0x11c OSMinorVersion : Uint4B
  166. +0x120 OSBuildNumber : Uint2B
  167. +0x122 OSCSDVersion : Uint2B
  168. +0x124 OSPlatformId : Uint4B
  169. +0x128 ImageSubsystem : Uint4B
  170. +0x12c ImageSubsystemMajorVersion : Uint4B
  171. +0x130 ImageSubsystemMinorVersion : Uint4B
  172. +0x138 ActiveProcessAffinityMask : Uint8B
  173. +0x140 GdiHandleBuffer : [60] Uint4B
  174. +0x230 PostProcessInitRoutine : Ptr64 void
  175. +0x238 TlsExpansionBitmap : Ptr64 Void
  176. +0x240 TlsExpansionBitmapBits : [32] Uint4B
  177. +0x2c0 SessionId : Uint4B
  178. +0x2c8 AppCompatFlags : _ULARGE_INTEGER
  179. +0x000 LowPart : Uint4B
  180. +0x004 HighPart : Uint4B
  181. +0x000 u : <unnamed-tag>
  182. +0x000 LowPart : Uint4B
  183. +0x004 HighPart : Uint4B
  184. +0x000 QuadPart : Uint8B
  185. +0x2d0 AppCompatFlagsUser : _ULARGE_INTEGER
  186. +0x000 LowPart : Uint4B
  187. +0x004 HighPart : Uint4B
  188. +0x000 u : <unnamed-tag>
  189. +0x000 LowPart : Uint4B
  190. +0x004 HighPart : Uint4B
  191. +0x000 QuadPart : Uint8B
  192. +0x2d8 pShimData : Ptr64 Void
  193. +0x2e0 AppCompatInfo : Ptr64 Void
  194. +0x2e8 CSDVersion : _UNICODE_STRING
  195. +0x000 Length : Uint2B
  196. +0x002 MaximumLength : Uint2B
  197. +0x008 Buffer : Ptr64 Uint2B
  198. +0x2f8 ActivationContextData : Ptr64 _ACTIVATION_CONTEXT_DATA
  199. +0x300 ProcessAssemblyStorageMap : Ptr64 _ASSEMBLY_STORAGE_MAP
  200. +0x308 SystemDefaultActivationContextData : Ptr64 _ACTIVATION_CONTEXT_DATA
  201. +0x310 SystemAssemblyStorageMap : Ptr64 _ASSEMBLY_STORAGE_MAP
  202. +0x318 MinimumStackCommit : Uint8B
  203. +0x320 FlsCallback : Ptr64 _FLS_CALLBACK_INFO
  204. +0x328 FlsListHead : _LIST_ENTRY
  205. +0x000 Flink : Ptr64 _LIST_ENTRY
  206. +0x000 Flink : Ptr64 _LIST_ENTRY
  207. +0x008 Blink : Ptr64 _LIST_ENTRY
  208. +0x008 Blink : Ptr64 _LIST_ENTRY
  209. +0x000 Flink : Ptr64 _LIST_ENTRY
  210. +0x008 Blink : Ptr64 _LIST_ENTRY
  211. +0x338 FlsBitmap : Ptr64 Void
  212. +0x340 FlsBitmapBits : [4] Uint4B
  213. +0x350 FlsHighIndex : Uint4B
  214. +0x358 WerRegistrationData : Ptr64 Void
  215. +0x360 WerShipAssertPtr : Ptr64 Void
  216. +0x368 pContextData : Ptr64 Void
  217. +0x370 pImageHeaderHash : Ptr64 Void
  218. +0x378 TracingFlags : Uint4B
  219. +0x378 HeapTracingEnabled : Pos 0, 1 Bit
  220. +0x378 CritSecTracingEnabled : Pos 1, 1 Bit
  221. +0x378 SpareTracingBits : Pos 2, 30 Bits
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!