-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathDebugStructs_x86.txt
More file actions
572 lines (515 loc) · 25 KB
/
DebugStructs_x86.txt
File metadata and controls
572 lines (515 loc) · 25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
using System;
using System.Runtime.InteropServices;
using Microsoft.Diagnostics.Runtime.Interop;
namespace PSExt.Extension.x86
{
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x18)]
public struct ACTIVATION_CONTEXT_STACK
{
[FieldOffset(0x000)] public RTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame;
[FieldOffset(0x004)] public LIST_ENTRY FrameListCache;
[FieldOffset(0x00c)] public UInt32 Flags;
[FieldOffset(0x010)] public UInt32 NextCookieSequenceNumber;
[FieldOffset(0x014)] public UInt32 StackId;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x8)]
public struct CLIENT_ID
{
[FieldOffset(0x000)] public void UniqueProcess;
[FieldOffset(0x004)] public void UniqueThread;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0xc)]
public struct CURDIR
{
[FieldOffset(0x000)] public UNICODE_STRING DosPath;
[FieldOffset(0x008)] public void Handle;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x8)]
public struct EXCEPTION_REGISTRATION_RECORD
{
[FieldOffset(0x000)] public EXCEPTION_REGISTRATION_RECORD Next;
[FieldOffset(0x004)] public IntPtr Handler;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x4e0)]
public unsafe struct GDI_TEB_BATCH
{
[FieldOffset(0x000)] public UInt32 BitField;
[FieldOffset(0x004)] public UInt32 HDC;
[FieldOffset(0x008)] public fixed UInt32 Buffer [310];
public UInt32 Offset => (UInt32)((BitField & 0x0000) >> 0);
public bool HasRenderingCommand => (BitField & 0x40000000) >> 31 == 1;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x8)]
public struct LIST_ENTRY
{
[FieldOffset(0x000)] public LIST_ENTRY Flink;
[FieldOffset(0x004)] public LIST_ENTRY Blink;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x1c)]
public struct NT_TIB
{
[FieldOffset(0x000)] public EXCEPTION_REGISTRATION_RECORD ExceptionList;
[FieldOffset(0x004)] public void StackBase;
[FieldOffset(0x008)] public void StackLimit;
[FieldOffset(0x00c)] public void SubSystemTib;
[FieldOffset(0x010)] public void FiberData;
[FieldOffset(0x010)] public UInt32 Version;
[FieldOffset(0x014)] public void ArbitraryUserPointer;
[FieldOffset(0x018)] public NT_TIB Self;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x460)]
public unsafe struct PEB
{
[FieldOffset(0x000)] public byte InheritedAddressSpace;
[FieldOffset(0x001)] public byte ReadImageFileExecOptions;
[FieldOffset(0x002)] public byte BeingDebugged;
[FieldOffset(0x003)] public byte BitField;
[FieldOffset(0x004)] public void Mutant;
[FieldOffset(0x008)] public void ImageBaseAddress;
[FieldOffset(0x00c)] public PEB_LDR_DATA Ldr;
[FieldOffset(0x010)] public RTL_USER_PROCESS_PARAMETERS ProcessParameters;
[FieldOffset(0x014)] public void SubSystemData;
[FieldOffset(0x018)] public void ProcessHeap;
[FieldOffset(0x01c)] public RTL_CRITICAL_SECTION FastPebLock;
[FieldOffset(0x020)] public void AtlThunkSListPtr;
[FieldOffset(0x024)] public void IFEOKey;
[FieldOffset(0x028)] public UInt32 CrossProcessFlags;
[FieldOffset(0x02c)] public void KernelCallbackTable;
[FieldOffset(0x02c)] public void UserSharedInfoPtr;
[FieldOffset(0x030)] public fixed UInt32 SystemReserved [1];
[FieldOffset(0x034)] public UInt32 AtlThunkSListPtr32;
[FieldOffset(0x038)] public void ApiSetMap;
[FieldOffset(0x03c)] public UInt32 TlsExpansionCounter;
[FieldOffset(0x040)] public void TlsBitmap;
[FieldOffset(0x044)] public fixed UInt32 TlsBitmapBits [2];
[FieldOffset(0x04c)] public void ReadOnlySharedMemoryBase;
[FieldOffset(0x050)] public void SparePvoid0;
[FieldOffset(0x054)] public void ReadOnlyStaticServerData;
[FieldOffset(0x058)] public void AnsiCodePageData;
[FieldOffset(0x05c)] public void OemCodePageData;
[FieldOffset(0x060)] public void UnicodeCaseTableData;
[FieldOffset(0x064)] public UInt32 NumberOfProcessors;
[FieldOffset(0x068)] public UInt32 NtGlobalFlag;
[FieldOffset(0x070)] public UInt64 CriticalSectionTimeout;
[FieldOffset(0x078)] public UInt32 HeapSegmentReserve;
[FieldOffset(0x07c)] public UInt32 HeapSegmentCommit;
[FieldOffset(0x080)] public UInt32 HeapDeCommitTotalFreeThreshold;
[FieldOffset(0x084)] public UInt32 HeapDeCommitFreeBlockThreshold;
[FieldOffset(0x088)] public UInt32 NumberOfHeaps;
[FieldOffset(0x08c)] public UInt32 MaximumNumberOfHeaps;
[FieldOffset(0x090)] public void ProcessHeaps;
[FieldOffset(0x094)] public void GdiSharedHandleTable;
[FieldOffset(0x098)] public void ProcessStarterHelper;
[FieldOffset(0x09c)] public UInt32 GdiDCAttributeList;
[FieldOffset(0x0a0)] public RTL_CRITICAL_SECTION LoaderLock;
[FieldOffset(0x0a4)] public UInt32 OSMajorVersion;
[FieldOffset(0x0a8)] public UInt32 OSMinorVersion;
[FieldOffset(0x0ac)] public UInt16 OSBuildNumber;
[FieldOffset(0x0ae)] public UInt16 OSCSDVersion;
[FieldOffset(0x0b0)] public UInt32 OSPlatformId;
[FieldOffset(0x0b4)] public UInt32 ImageSubsystem;
[FieldOffset(0x0b8)] public UInt32 ImageSubsystemMajorVersion;
[FieldOffset(0x0bc)] public UInt32 ImageSubsystemMinorVersion;
[FieldOffset(0x0c0)] public UInt32 ActiveProcessAffinityMask;
[FieldOffset(0x0c4)] public fixed UInt32 GdiHandleBuffer [34];
[FieldOffset(0x14c)] public void PostProcessInitRoutine;
[FieldOffset(0x150)] public void TlsExpansionBitmap;
[FieldOffset(0x154)] public fixed UInt32 TlsExpansionBitmapBits [32];
[FieldOffset(0x1d4)] public UInt32 SessionId;
[FieldOffset(0x1d8)] public UInt64 AppCompatFlags;
[FieldOffset(0x1e0)] public UInt64 AppCompatFlagsUser;
[FieldOffset(0x1e8)] public void pShimData;
[FieldOffset(0x1ec)] public void AppCompatInfo;
[FieldOffset(0x1f0)] public UNICODE_STRING CSDVersion;
[FieldOffset(0x1f8)] public ACTIVATION_CONTEXT_DATA ActivationContextData;
[FieldOffset(0x1fc)] public ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap;
[FieldOffset(0x200)] public ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData;
[FieldOffset(0x204)] public ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap;
[FieldOffset(0x208)] public UInt32 MinimumStackCommit;
[FieldOffset(0x20c)] public FLS_CALLBACK_INFO FlsCallback;
[FieldOffset(0x210)] public LIST_ENTRY FlsListHead;
[FieldOffset(0x218)] public void FlsBitmap;
[FieldOffset(0x21c)] public fixed UInt32 FlsBitmapBits [4];
[FieldOffset(0x22c)] public UInt32 FlsHighIndex;
[FieldOffset(0x230)] public void WerRegistrationData;
[FieldOffset(0x234)] public void WerShipAssertPtr;
[FieldOffset(0x238)] public void pUnused;
[FieldOffset(0x23c)] public void pImageHeaderHash;
[FieldOffset(0x240)] public UInt32 TracingFlags;
[FieldOffset(0x248)] public UInt64 CsrServerReadOnlySharedMemoryBase;
[FieldOffset(0x250)] public UInt32 TppWorkerpListLock;
[FieldOffset(0x254)] public LIST_ENTRY TppWorkerpList;
[FieldOffset(0x25c)] public fixed void WaitOnAddressHashTable [128];
public bool ImageUsesLargePages => (BitField & 0x80000000) >> 0 == 1;
public bool IsProtectedProcess => (BitField & 0x0001) >> 1 == 1;
public bool IsImageDynamicallyRelocated => (BitField & 0x0002) >> 2 == 1;
public bool SkipPatchingUser32Forwarders => (BitField & 0x0004) >> 3 == 1;
public bool IsPackagedProcess => (BitField & 0x0008) >> 4 == 1;
public bool IsAppContainer => (BitField & 0x0010) >> 5 == 1;
public bool IsProtectedProcessLight => (BitField & 0x0020) >> 6 == 1;
public bool SpareBits => (BitField & 0x0040) >> 7 == 1;
public bool ProcessInJob => (CrossProcessFlags & 0x80000000) >> 0 == 1;
public bool ProcessInitializing => (CrossProcessFlags & 0x0001) >> 1 == 1;
public bool ProcessUsingVEH => (CrossProcessFlags & 0x0002) >> 2 == 1;
public bool ProcessUsingVCH => (CrossProcessFlags & 0x0004) >> 3 == 1;
public bool ProcessUsingFTH => (CrossProcessFlags & 0x0008) >> 4 == 1;
public UInt32 ReservedBits0 => (UInt32)((CrossProcessFlags & 0x7FFFFFF0) >> 5);
public bool HeapTracingEnabled => (TracingFlags & 0x80000000) >> 0 == 1;
public bool CritSecTracingEnabled => (TracingFlags & 0x0001) >> 1 == 1;
public bool LibLoaderTracingEnabled => (TracingFlags & 0x0002) >> 2 == 1;
public UInt32 SpareTracingBits => (UInt32)((TracingFlags & 0x7FFFFFFC) >> 3);
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x30)]
public struct PEB_LDR_DATA
{
[FieldOffset(0x000)] public UInt32 Length;
[FieldOffset(0x004)] public byte Initialized;
[FieldOffset(0x008)] public void SsHandle;
[FieldOffset(0x00c)] public LIST_ENTRY InLoadOrderModuleList;
[FieldOffset(0x014)] public LIST_ENTRY InMemoryOrderModuleList;
[FieldOffset(0x01c)] public LIST_ENTRY InInitializationOrderModuleList;
[FieldOffset(0x024)] public void EntryInProgress;
[FieldOffset(0x028)] public byte ShutdownInProgress;
[FieldOffset(0x02c)] public void ShutdownThreadId;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x4)]
public struct PROCESSOR_NUMBER
{
[FieldOffset(0x000)] public UInt16 Group;
[FieldOffset(0x002)] public byte Number;
[FieldOffset(0x003)] public byte Reserved;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0xc)]
public struct RTL_ACTIVATION_CONTEXT_STACK_FRAME
{
[FieldOffset(0x000)] public RTL_ACTIVATION_CONTEXT_STACK_FRAME Previous;
[FieldOffset(0x004)] public ACTIVATION_CONTEXT ActivationContext;
[FieldOffset(0x008)] public UInt32 Flags;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x18)]
public struct RTL_CRITICAL_SECTION
{
[FieldOffset(0x000)] public RTL_CRITICAL_SECTION_DEBUG DebugInfo;
[FieldOffset(0x004)] public Int32 LockCount;
[FieldOffset(0x008)] public Int32 RecursionCount;
[FieldOffset(0x00c)] public void OwningThread;
[FieldOffset(0x010)] public void LockSemaphore;
[FieldOffset(0x014)] public UInt32 SpinCount;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x20)]
public struct RTL_CRITICAL_SECTION_DEBUG
{
[FieldOffset(0x000)] public UInt16 Type;
[FieldOffset(0x002)] public UInt16 CreatorBackTraceIndex;
[FieldOffset(0x004)] public RTL_CRITICAL_SECTION CriticalSection;
[FieldOffset(0x008)] public LIST_ENTRY ProcessLocksList;
[FieldOffset(0x010)] public UInt32 EntryCount;
[FieldOffset(0x014)] public UInt32 ContentionCount;
[FieldOffset(0x018)] public UInt32 Flags;
[FieldOffset(0x01c)] public UInt16 CreatorBackTraceIndexHigh;
[FieldOffset(0x01e)] public UInt16 SpareUSHORT;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x10)]
public struct RTL_DRIVE_LETTER_CURDIR
{
[FieldOffset(0x000)] public UInt16 Flags;
[FieldOffset(0x002)] public UInt16 Length;
[FieldOffset(0x004)] public UInt32 TimeStamp;
[FieldOffset(0x008)] public STRING DosPath;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x2a4)]
public struct RTL_USER_PROCESS_PARAMETERS
{
[FieldOffset(0x000)] public UInt32 MaximumLength;
[FieldOffset(0x004)] public UInt32 Length;
[FieldOffset(0x008)] public UInt32 Flags;
[FieldOffset(0x00c)] public UInt32 DebugFlags;
[FieldOffset(0x010)] public void ConsoleHandle;
[FieldOffset(0x014)] public UInt32 ConsoleFlags;
[FieldOffset(0x018)] public void StandardInput;
[FieldOffset(0x01c)] public void StandardOutput;
[FieldOffset(0x020)] public void StandardError;
[FieldOffset(0x024)] public CURDIR CurrentDirectory;
[FieldOffset(0x030)] public UNICODE_STRING DllPath;
[FieldOffset(0x038)] public UNICODE_STRING ImagePathName;
[FieldOffset(0x040)] public UNICODE_STRING CommandLine;
[FieldOffset(0x048)] public void Environment;
[FieldOffset(0x04c)] public UInt32 StartingX;
[FieldOffset(0x050)] public UInt32 StartingY;
[FieldOffset(0x054)] public UInt32 CountX;
[FieldOffset(0x058)] public UInt32 CountY;
[FieldOffset(0x05c)] public UInt32 CountCharsX;
[FieldOffset(0x060)] public UInt32 CountCharsY;
[FieldOffset(0x064)] public UInt32 FillAttribute;
[FieldOffset(0x068)] public UInt32 WindowFlags;
[FieldOffset(0x06c)] public UInt32 ShowWindowFlags;
[FieldOffset(0x070)] public UNICODE_STRING WindowTitle;
[FieldOffset(0x078)] public UNICODE_STRING DesktopInfo;
[FieldOffset(0x080)] public UNICODE_STRING ShellInfo;
[FieldOffset(0x088)] public UNICODE_STRING RuntimeData;
[FieldOffset(0x090)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores0;
[FieldOffset(0x0a0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores1;
[FieldOffset(0x0b0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores2;
[FieldOffset(0x0c0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores3;
[FieldOffset(0x0d0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores4;
[FieldOffset(0x0e0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores5;
[FieldOffset(0x0f0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores6;
[FieldOffset(0x100)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores7;
[FieldOffset(0x110)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores8;
[FieldOffset(0x120)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores9;
[FieldOffset(0x130)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores10;
[FieldOffset(0x140)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores11;
[FieldOffset(0x150)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores12;
[FieldOffset(0x160)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores13;
[FieldOffset(0x170)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores14;
[FieldOffset(0x180)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores15;
[FieldOffset(0x190)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores16;
[FieldOffset(0x1a0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores17;
[FieldOffset(0x1b0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores18;
[FieldOffset(0x1c0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores19;
[FieldOffset(0x1d0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores20;
[FieldOffset(0x1e0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores21;
[FieldOffset(0x1f0)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores22;
[FieldOffset(0x200)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores23;
[FieldOffset(0x210)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores24;
[FieldOffset(0x220)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores25;
[FieldOffset(0x230)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores26;
[FieldOffset(0x240)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores27;
[FieldOffset(0x250)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores28;
[FieldOffset(0x260)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores29;
[FieldOffset(0x270)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores30;
[FieldOffset(0x280)] public RTL_DRIVE_LETTER_CURDIR CurrentDirectores31;
[FieldOffset(0x290)] public UInt32 EnvironmentSize;
[FieldOffset(0x294)] public UInt32 EnvironmentVersion;
[FieldOffset(0x298)] public void PackageDependencyData;
[FieldOffset(0x29c)] public UInt32 ProcessGroupId;
[FieldOffset(0x2a0)] public UInt32 LoaderThreads;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x8)]
public struct STRING
{
[FieldOffset(0x000)] public UInt16 Length;
[FieldOffset(0x002)] public UInt16 MaximumLength;
[FieldOffset(0x004)] public byte Buffer;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x1000)]
public unsafe struct TEB
{
[FieldOffset(0x000)] public NT_TIB NtTib;
[FieldOffset(0x01c)] public void EnvironmentPointer;
[FieldOffset(0x020)] public CLIENT_ID ClientId;
[FieldOffset(0x028)] public void ActiveRpcHandle;
[FieldOffset(0x02c)] public void ThreadLocalStoragePointer;
[FieldOffset(0x030)] public PEB ProcessEnvironmentBlock;
[FieldOffset(0x034)] public UInt32 LastErrorValue;
[FieldOffset(0x038)] public UInt32 CountOfOwnedCriticalSections;
[FieldOffset(0x03c)] public void CsrClientThread;
[FieldOffset(0x040)] public void Win32ThreadInfo;
[FieldOffset(0x044)] public fixed UInt32 User32Reserved [26];
[FieldOffset(0x0ac)] public fixed UInt32 UserReserved [5];
[FieldOffset(0x0c0)] public void WOW32Reserved;
[FieldOffset(0x0c4)] public UInt32 CurrentLocale;
[FieldOffset(0x0c8)] public UInt32 FpSoftwareStatusRegister;
[FieldOffset(0x0cc)] public fixed void ReservedForDebuggerInstrumentation [16];
[FieldOffset(0x10c)] public fixed void SystemReserved1 [38];
[FieldOffset(0x1a4)] public Int32 ExceptionCode;
[FieldOffset(0x1a8)] public ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
[FieldOffset(0x1ac)] public UInt32 InstrumentationCallbackSp;
[FieldOffset(0x1b0)] public UInt32 InstrumentationCallbackPreviousPc;
[FieldOffset(0x1b4)] public UInt32 InstrumentationCallbackPreviousSp;
[FieldOffset(0x1b8)] public byte InstrumentationCallbackDisabled;
[FieldOffset(0x1b9)] public fixed byte SpareBytes [23];
[FieldOffset(0x1d0)] public UInt32 TxFsContext;
[FieldOffset(0x1d4)] public GDI_TEB_BATCH GdiTebBatch;
[FieldOffset(0x6b4)] public CLIENT_ID RealClientId;
[FieldOffset(0x6bc)] public void GdiCachedProcessHandle;
[FieldOffset(0x6c0)] public UInt32 GdiClientPID;
[FieldOffset(0x6c4)] public UInt32 GdiClientTID;
[FieldOffset(0x6c8)] public void GdiThreadLocalInfo;
[FieldOffset(0x6cc)] public fixed UInt32 Win32ClientInfo [62];
[FieldOffset(0x7c4)] public fixed void glDispatchTable [233];
[FieldOffset(0xb68)] public fixed UInt32 glReserved1 [29];
[FieldOffset(0xbdc)] public void glReserved2;
[FieldOffset(0xbe0)] public void glSectionInfo;
[FieldOffset(0xbe4)] public void glSection;
[FieldOffset(0xbe8)] public void glTable;
[FieldOffset(0xbec)] public void glCurrentRC;
[FieldOffset(0xbf0)] public void glContext;
[FieldOffset(0xbf4)] public UInt32 LastStatusValue;
[FieldOffset(0xbf8)] public UNICODE_STRING StaticUnicodeString;
[FieldOffset(0xc00)] public byte StaticUnicodeBuffer;
[FieldOffset(0xe0c)] public void DeallocationStack;
[FieldOffset(0xe10)] public fixed void TlsSlots [64];
[FieldOffset(0xf10)] public LIST_ENTRY TlsLinks;
[FieldOffset(0xf18)] public void Vdm;
[FieldOffset(0xf1c)] public void ReservedForNtRpc;
[FieldOffset(0xf20)] public fixed void DbgSsReserved [2];
[FieldOffset(0xf28)] public UInt32 HardErrorMode;
[FieldOffset(0xf2c)] public fixed void Instrumentation [9];
[FieldOffset(0xf50)] public Guid ActivityId;
[FieldOffset(0xf60)] public void SubProcessTag;
[FieldOffset(0xf64)] public void PerflibData;
[FieldOffset(0xf68)] public void EtwTraceData;
[FieldOffset(0xf6c)] public void WinSockData;
[FieldOffset(0xf70)] public UInt32 GdiBatchCount;
[FieldOffset(0xf74)] public PROCESSOR_NUMBER CurrentIdealProcessor;
[FieldOffset(0xf74)] public UInt32 IdealProcessorValue;
[FieldOffset(0xf74)] public byte ReservedPad0;
[FieldOffset(0xf75)] public byte ReservedPad1;
[FieldOffset(0xf76)] public byte ReservedPad2;
[FieldOffset(0xf77)] public byte IdealProcessor;
[FieldOffset(0xf78)] public UInt32 GuaranteedStackBytes;
[FieldOffset(0xf7c)] public void ReservedForPerf;
[FieldOffset(0xf80)] public void ReservedForOle;
[FieldOffset(0xf84)] public UInt32 WaitingOnLoaderLock;
[FieldOffset(0xf88)] public void SavedPriorityState;
[FieldOffset(0xf8c)] public UInt32 ReservedForCodeCoverage;
[FieldOffset(0xf90)] public void ThreadPoolData;
[FieldOffset(0xf94)] public void TlsExpansionSlots;
[FieldOffset(0xf98)] public UInt32 MuiGeneration;
[FieldOffset(0xf9c)] public UInt32 IsImpersonating;
[FieldOffset(0xfa0)] public void NlsCache;
[FieldOffset(0xfa4)] public void pShimData;
[FieldOffset(0xfa8)] public UInt16 HeapVirtualAffinity;
[FieldOffset(0xfaa)] public UInt16 LowFragHeapDataSlot;
[FieldOffset(0xfac)] public void CurrentTransactionHandle;
[FieldOffset(0xfb0)] public TEB_ACTIVE_FRAME ActiveFrame;
[FieldOffset(0xfb4)] public void FlsData;
[FieldOffset(0xfb8)] public void PreferredLanguages;
[FieldOffset(0xfbc)] public void UserPrefLanguages;
[FieldOffset(0xfc0)] public void MergedPrefLanguages;
[FieldOffset(0xfc4)] public UInt32 MuiImpersonation;
[FieldOffset(0xfc8)] public UInt16 CrossTebFlags;
[FieldOffset(0xfca)] public UInt16 SameTebFlags;
[FieldOffset(0xfcc)] public void TxnScopeEnterCallback;
[FieldOffset(0xfd0)] public void TxnScopeExitCallback;
[FieldOffset(0xfd4)] public void TxnScopeContext;
[FieldOffset(0xfd8)] public UInt32 LockCount;
[FieldOffset(0xfdc)] public Int32 WowTebOffset;
[FieldOffset(0xfe0)] public void ResourceRetValue;
[FieldOffset(0xfe4)] public void ReservedForWdf;
[FieldOffset(0xfe8)] public UInt64 ReservedForCrt;
[FieldOffset(0xff0)] public Guid EffectiveContainerId;
public UInt16 SpareCrossTebBits => (UInt16)((CrossTebFlags & 0x0000) >> 0);
public bool SafeThunkCall => (SameTebFlags & 0x80000000) >> 0 == 1;
public bool InDebugPrint => (SameTebFlags & 0x0001) >> 1 == 1;
public bool HasFiberData => (SameTebFlags & 0x0002) >> 2 == 1;
public bool SkipThreadAttach => (SameTebFlags & 0x0004) >> 3 == 1;
public bool WerInShipAssertCode => (SameTebFlags & 0x0008) >> 4 == 1;
public bool RanProcessInit => (SameTebFlags & 0x0010) >> 5 == 1;
public bool ClonedThread => (SameTebFlags & 0x0020) >> 6 == 1;
public bool SuppressDebugMsg => (SameTebFlags & 0x0040) >> 7 == 1;
public bool DisableUserStackWalk => (SameTebFlags & 0x0080) >> 8 == 1;
public bool RtlExceptionAttached => (SameTebFlags & 0x0100) >> 9 == 1;
public bool InitialThread => (SameTebFlags & 0x0200) >> 10 == 1;
public bool SessionAware => (SameTebFlags & 0x0400) >> 11 == 1;
public bool LoadOwner => (SameTebFlags & 0x0800) >> 12 == 1;
public bool LoaderWorker => (SameTebFlags & 0x1000) >> 13 == 1;
public UInt16 SpareSameTebBits => (UInt16)((SameTebFlags & 0x6000) >> 14);
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0xc)]
public struct TEB_ACTIVE_FRAME
{
[FieldOffset(0x000)] public UInt32 Flags;
[FieldOffset(0x004)] public TEB_ACTIVE_FRAME Previous;
[FieldOffset(0x008)] public TEB_ACTIVE_FRAME_CONTEXT Context;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x8)]
public struct TEB_ACTIVE_FRAME_CONTEXT
{
[FieldOffset(0x000)] public UInt32 Flags;
[FieldOffset(0x004)] public byte FrameName;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x8)]
public struct UNICODE_STRING
{
[FieldOffset(0x000)] public UInt16 Length;
[FieldOffset(0x002)] public UInt16 MaximumLength;
[FieldOffset(0x004)] public UInt16 Buffer;
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x2cc)]
public unsafe struct CONTEXT
{
[FieldOffset(0x000)] public UInt32 ContextFlags;
[FieldOffset(0x004)] public UInt32 Dr0;
[FieldOffset(0x008)] public UInt32 Dr1;
[FieldOffset(0x00c)] public UInt32 Dr2;
[FieldOffset(0x010)] public UInt32 Dr3;
[FieldOffset(0x014)] public UInt32 Dr6;
[FieldOffset(0x018)] public UInt32 Dr7;
[FieldOffset(0x01c)] public FLOATING_SAVE_AREA FloatSave;
[FieldOffset(0x08c)] public UInt32 SegGs;
[FieldOffset(0x090)] public UInt32 SegFs;
[FieldOffset(0x094)] public UInt32 SegEs;
[FieldOffset(0x098)] public UInt32 SegDs;
[FieldOffset(0x09c)] public UInt32 Edi;
[FieldOffset(0x0a0)] public UInt32 Esi;
[FieldOffset(0x0a4)] public UInt32 Ebx;
[FieldOffset(0x0a8)] public UInt32 Edx;
[FieldOffset(0x0ac)] public UInt32 Ecx;
[FieldOffset(0x0b0)] public UInt32 Eax;
[FieldOffset(0x0b4)] public UInt32 Ebp;
[FieldOffset(0x0b8)] public UInt32 Eip;
[FieldOffset(0x0bc)] public UInt32 SegCs;
[FieldOffset(0x0c0)] public UInt32 EFlags;
[FieldOffset(0x0c4)] public UInt32 Esp;
[FieldOffset(0x0c8)] public UInt32 SegSs;
[FieldOffset(0x0cc)] public fixed byte ExtendedRegisters [512];
}
/// Generated by SystemStruct.ps1
[StructLayout(LayoutKind.Explicit, Size=0x200)]
public unsafe struct XSAVE_FORMAT
{
[FieldOffset(0x000)] public UInt16 ControlWord;
[FieldOffset(0x002)] public UInt16 StatusWord;
[FieldOffset(0x004)] public byte TagWord;
[FieldOffset(0x005)] public byte Reserved1;
[FieldOffset(0x006)] public UInt16 ErrorOpcode;
[FieldOffset(0x008)] public UInt32 ErrorOffset;
[FieldOffset(0x00c)] public UInt16 ErrorSelector;
[FieldOffset(0x00e)] public UInt16 Reserved2;
[FieldOffset(0x010)] public UInt32 DataOffset;
[FieldOffset(0x014)] public UInt16 DataSelector;
[FieldOffset(0x016)] public UInt16 Reserved3;
[FieldOffset(0x018)] public UInt32 MxCsr;
[FieldOffset(0x01c)] public UInt32 MxCsr_Mask;
[FieldOffset(0x020)] public F128PARTS64 FloatRegisters0;
[FieldOffset(0x030)] public F128PARTS64 FloatRegisters1;
[FieldOffset(0x040)] public F128PARTS64 FloatRegisters2;
[FieldOffset(0x050)] public F128PARTS64 FloatRegisters3;
[FieldOffset(0x060)] public F128PARTS64 FloatRegisters4;
[FieldOffset(0x070)] public F128PARTS64 FloatRegisters5;
[FieldOffset(0x080)] public F128PARTS64 FloatRegisters6;
[FieldOffset(0x090)] public F128PARTS64 FloatRegisters7;
[FieldOffset(0x0a0)] public F128PARTS64 XmmRegisters0;
[FieldOffset(0x0b0)] public F128PARTS64 XmmRegisters1;
[FieldOffset(0x0c0)] public F128PARTS64 XmmRegisters2;
[FieldOffset(0x0d0)] public F128PARTS64 XmmRegisters3;
[FieldOffset(0x0e0)] public F128PARTS64 XmmRegisters4;
[FieldOffset(0x0f0)] public F128PARTS64 XmmRegisters5;
[FieldOffset(0x100)] public F128PARTS64 XmmRegisters6;
[FieldOffset(0x110)] public F128PARTS64 XmmRegisters7;
[FieldOffset(0x120)] public fixed byte Reserved4 [224];
}
}