API tools faq
paste
Advertisement
Guest User

Windows 10 PEB

a guest
Jul 13th, 2016
680
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 3.56 KB | None | 0 0
raw download clone embed print report
  1. typedef struct _PEB
  2. {
  3.     char InheritedAddressSpace;
  4.     char ReadImageFileExecOptions;
  5.     char BeingDebugged;
  6.  
  7.     union
  8.     {
  9.         char BitField;
  10.         struct DUMMYSTRUCTNAME
  11.         {
  12.             __int8 ImageUsesLargePages : 1;
  13.             __int8 IsProtectedProcess : 1;
  14.             __int8 IsImageDynamicallyRelocated : 1;
  15.             __int8 SkipPatchingUser32Forwarders : 1;
  16.             __int8 IsPackagedProcess : 1;
  17.             __int8 IsAppContainer : 1;
  18.             __int8 IsProtectedProcessLight : 1;
  19.             __int8 SpareBits : 1;
  20.         };
  21.     };
  22.  
  23.     char Padding0[4];
  24.     void *Mutant;
  25.     void *ImageBaseAddress;
  26.     PEB_LDR_DATA *Ldr;
  27.     RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
  28.     void *SubSystemData;
  29.     void *ProcessHeap;
  30.     RTL_CRITICAL_SECTION *FastPebLock;
  31.     void *AtlThunkSListPtr;
  32.     void *IFEOKey;
  33.  
  34.     union
  35.     {
  36.         unsigned int CrossProcessFlags;
  37.         struct DUMMYSTRUCTNAME
  38.         {
  39.             unsigned __int32 ProcessInJob : 1;
  40.             unsigned __int32 ProcessInitializing : 1;
  41.             unsigned __int32 ProcessUsingVEH : 1;
  42.             unsigned __int32 ProcessUsingVCH : 1;
  43.             unsigned __int32 ProcessUsingFTH : 1;
  44.             unsigned __int32 ReservedBits0 : 27;
  45.         };
  46.     };
  47.  
  48.     char Padding1[4];
  49.  
  50.     union
  51.     {
  52.         void *KernelCallbackTable;
  53.         void *UserSharedInfoPtr;
  54.     };
  55.  
  56.     unsigned int SystemReserved[1];
  57.     unsigned int AtlThunkSListPtr32;
  58.     void *ApiSetMap;
  59.     unsigned int TlsExpansionCounter;
  60.     char Padding2[4];
  61.     void *TlsBitmap;
  62.     unsigned int TlsBitmapBits[2];
  63.     void *ReadOnlySharedMemoryBase;
  64.     void *SparePvoid0;
  65.     void **ReadOnlyStaticServerData;
  66.     void *AnsiCodePageData;
  67.     void *OemCodePageData;
  68.     void *UnicodeCaseTableData;
  69.     unsigned int NumberOfProcessors;
  70.     unsigned int NtGlobalFlag;
  71.     LARGE_INTEGER CriticalSectionTimeout;
  72.     unsigned __int64 HeapSegmentReserve;
  73.     unsigned __int64 HeapSegmentCommit;
  74.     unsigned __int64 HeapDeCommitTotalFreeThreshold;
  75.     unsigned __int64 HeapDeCommitFreeBlockThreshold;
  76.     unsigned int NumberOfHeaps;
  77.     unsigned int MaximumNumberOfHeaps;
  78.     void **ProcessHeaps;
  79.     void *GdiSharedHandleTable;
  80.     void *ProcessStarterHelper;
  81.     unsigned int GdiDCAttributeList;
  82.     char Padding3[4];
  83.     RTL_CRITICAL_SECTION *LoaderLock;
  84.     unsigned int OSMajorVersion;
  85.     unsigned int OSMinorVersion;
  86.     unsigned __int16 OSBuildNumber;
  87.     unsigned __int16 OSCSDVersion;
  88.     unsigned int OSPlatformId;
  89.     unsigned int ImageSubsystem;
  90.     unsigned int ImageSubsystemMajorVersion;
  91.     unsigned int ImageSubsystemMinorVersion;
  92.     char Padding4[4];
  93.     unsigned __int64 ActiveProcessAffinityMask;
  94.     unsigned int GdiHandleBuffer[60];
  95.     void (__cdecl *PostProcessInitRoutine)();
  96.     void *TlsExpansionBitmap;
  97.     unsigned int TlsExpansionBitmapBits[32];
  98.     unsigned int SessionId;
  99.     char Padding5[4];
  100.     ULARGE_INTEGER AppCompatFlags;
  101.     ULARGE_INTEGER AppCompatFlagsUser;
  102.     void *pShimData;
  103.     void *AppCompatInfo;
  104.     UNICODE_STRING CSDVersion;
  105.     const __int64 *ActivationContextData;
  106.     __int64 *ProcessAssemblyStorageMap;
  107.     const __int64 *SystemDefaultActivationContextData;
  108.     __int64 *SystemAssemblyStorageMap;
  109.     unsigned __int64 MinimumStackCommit;
  110.     __int64 *FlsCallback;
  111.     LIST_ENTRY FlsListHead;
  112.     void *FlsBitmap;
  113.     unsigned int FlsBitmapBits[4];
  114.     unsigned int FlsHighIndex;
  115.     void *WerRegistrationData;
  116.     void *WerShipAssertPtr;
  117.     void *pUnused;
  118.     void *pImageHeaderHash;
  119.  
  120.     union
  121.     {
  122.         unsigned int TracingFlags;
  123.         struct DUMMYSTRUCTNAME
  124.         {
  125.             unsigned __int32 HeapTracingEnabled : 1;
  126.             unsigned __int32 CritSecTracingEnabled : 1;
  127.             unsigned __int32 LibLoaderTracingEnabled : 1;
  128.             unsigned __int32 SpareTracingBits : 29;
  129.         };
  130.     };
  131.  
  132.     char Padding6[4];
  133.     unsigned __int64 CsrServerReadOnlySharedMemoryBase;
  134.     unsigned __int64 TppWorkerpListLock;
  135.     LIST_ENTRY TppWorkerpList;
  136.     void *WaitOnAddressHashTable[128];
  137. } PEB, *PPEB;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!