Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- typedef struct _PEB
- {
- char InheritedAddressSpace;
- char ReadImageFileExecOptions;
- char BeingDebugged;
- union
- {
- char BitField;
- struct DUMMYSTRUCTNAME
- {
- __int8 ImageUsesLargePages : 1;
- __int8 IsProtectedProcess : 1;
- __int8 IsImageDynamicallyRelocated : 1;
- __int8 SkipPatchingUser32Forwarders : 1;
- __int8 IsPackagedProcess : 1;
- __int8 IsAppContainer : 1;
- __int8 IsProtectedProcessLight : 1;
- __int8 SpareBits : 1;
- };
- };
- char Padding0[4];
- void *Mutant;
- void *ImageBaseAddress;
- PEB_LDR_DATA *Ldr;
- RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
- void *SubSystemData;
- void *ProcessHeap;
- RTL_CRITICAL_SECTION *FastPebLock;
- void *AtlThunkSListPtr;
- void *IFEOKey;
- union
- {
- unsigned int CrossProcessFlags;
- struct DUMMYSTRUCTNAME
- {
- unsigned __int32 ProcessInJob : 1;
- unsigned __int32 ProcessInitializing : 1;
- unsigned __int32 ProcessUsingVEH : 1;
- unsigned __int32 ProcessUsingVCH : 1;
- unsigned __int32 ProcessUsingFTH : 1;
- unsigned __int32 ReservedBits0 : 27;
- };
- };
- char Padding1[4];
- union
- {
- void *KernelCallbackTable;
- void *UserSharedInfoPtr;
- };
- unsigned int SystemReserved[1];
- unsigned int AtlThunkSListPtr32;
- void *ApiSetMap;
- unsigned int TlsExpansionCounter;
- char Padding2[4];
- void *TlsBitmap;
- unsigned int TlsBitmapBits[2];
- void *ReadOnlySharedMemoryBase;
- void *SparePvoid0;
- void **ReadOnlyStaticServerData;
- void *AnsiCodePageData;
- void *OemCodePageData;
- void *UnicodeCaseTableData;
- unsigned int NumberOfProcessors;
- unsigned int NtGlobalFlag;
- LARGE_INTEGER CriticalSectionTimeout;
- unsigned __int64 HeapSegmentReserve;
- unsigned __int64 HeapSegmentCommit;
- unsigned __int64 HeapDeCommitTotalFreeThreshold;
- unsigned __int64 HeapDeCommitFreeBlockThreshold;
- unsigned int NumberOfHeaps;
- unsigned int MaximumNumberOfHeaps;
- void **ProcessHeaps;
- void *GdiSharedHandleTable;
- void *ProcessStarterHelper;
- unsigned int GdiDCAttributeList;
- char Padding3[4];
- RTL_CRITICAL_SECTION *LoaderLock;
- unsigned int OSMajorVersion;
- unsigned int OSMinorVersion;
- unsigned __int16 OSBuildNumber;
- unsigned __int16 OSCSDVersion;
- unsigned int OSPlatformId;
- unsigned int ImageSubsystem;
- unsigned int ImageSubsystemMajorVersion;
- unsigned int ImageSubsystemMinorVersion;
- char Padding4[4];
- unsigned __int64 ActiveProcessAffinityMask;
- unsigned int GdiHandleBuffer[60];
- void (__cdecl *PostProcessInitRoutine)();
- void *TlsExpansionBitmap;
- unsigned int TlsExpansionBitmapBits[32];
- unsigned int SessionId;
- char Padding5[4];
- ULARGE_INTEGER AppCompatFlags;
- ULARGE_INTEGER AppCompatFlagsUser;
- void *pShimData;
- void *AppCompatInfo;
- UNICODE_STRING CSDVersion;
- const __int64 *ActivationContextData;
- __int64 *ProcessAssemblyStorageMap;
- const __int64 *SystemDefaultActivationContextData;
- __int64 *SystemAssemblyStorageMap;
- unsigned __int64 MinimumStackCommit;
- __int64 *FlsCallback;
- LIST_ENTRY FlsListHead;
- void *FlsBitmap;
- unsigned int FlsBitmapBits[4];
- unsigned int FlsHighIndex;
- void *WerRegistrationData;
- void *WerShipAssertPtr;
- void *pUnused;
- void *pImageHeaderHash;
- union
- {
- unsigned int TracingFlags;
- struct DUMMYSTRUCTNAME
- {
- unsigned __int32 HeapTracingEnabled : 1;
- unsigned __int32 CritSecTracingEnabled : 1;
- unsigned __int32 LibLoaderTracingEnabled : 1;
- unsigned __int32 SpareTracingBits : 29;
- };
- };
- char Padding6[4];
- unsigned __int64 CsrServerReadOnlySharedMemoryBase;
- unsigned __int64 TppWorkerpListLock;
- LIST_ENTRY TppWorkerpList;
- void *WaitOnAddressHashTable[128];
- } PEB, *PPEB;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement