随笔分类 -  结构体、宏

SYSTEM_HANDLE_TABLE_ENTRY_INFO
摘要:typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO { USHORT UniqueProcessId; USHORT CreatorBackTraceIndex; UCHAR ObjectTypeIndex; UCHAR HandleAttributes; 阅读全文
posted @ 2017-06-11 18:59 穷到底 阅读(1023) 评论(0) 推荐(0)
RTL_PROCESS_MODULE_INFORMATION
摘要:typedef struct _RTL_PROCESS_MODULE_INFORMATION { HANDLE Section; // Not filled in PVOID MappedBase; PVOID ImageBase; ULONG ImageSize; ULONG Flags; USH 阅读全文
posted @ 2017-06-11 18:58 穷到底 阅读(741) 评论(0) 推荐(0)
IRP FLAGS
摘要:IRP所有标识位的含义,是 _IRP . flags 这个成员 阅读全文
posted @ 2016-09-12 20:13 穷到底 阅读(1033) 评论(0) 推荐(0)
_IRP struct
摘要:Windows XP x86 阅读全文
posted @ 2016-09-12 19:42 穷到底 阅读(364) 评论(0) 推荐(0)
FILE_OBJECT
摘要:https://msdn.microsoft.com/en-us/library/windows/hardware/ff545834(v=vs.85).aspx The FILE_OBJECT structure is used by the system to represent a file o 阅读全文
posted @ 2016-09-12 17:28 穷到底 阅读(740) 评论(0) 推荐(0)
TIB、TEB 信息
摘要:https://en.wikipedia.org/wiki/Win32_Thread_Information_Block 这是重点 herein: FS:[0x124] 4 NT Pointer to KTHREAD (ETHREAD) structure 阅读全文
posted @ 2016-08-31 18:00 穷到底 阅读(853) 评论(0) 推荐(0)