> Windows > Process Environment Block Goto page Previous 1, 2 |
Overflowz 03 Dec 2010, 18:21
baldr
I'm not using C |
Overflowz 03 Dec 2010, 21:48
Hmm.. I'll explain better now. I know the sizes BIT, BYTE, WORD, DWORD, QWORD etc. I don't know what size "PVOID" is, for example. Where can I get the size of those things? (e.g. PVOID, LPVOID, ULONG) Thank you.
baldr 03 Dec 2010, 22:40
Overflowz,
Those structures are defined in C, why should anyone expect anything different? Windows-esque style is to prepend «P» to anything that is a pointer.
Overflowz 03 Dec 2010, 22:53
baldr
I know it's defined in C, but where can I get that?
Fyyre 12 Jan 2011, 19:41
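That is the _PEB structure from MSDN, or something... (Note that the dump below is the 64-bit layout: its pointers are annotated as 0x8 bytes. It was produced from debug symbols via pdbdump, so the offsets may differ on other Windows versions and should be checked against the symbols of the system being examined.)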
Here is real one: Code: struct _PEB { /*<thisrel this+0x0>*/ /*|0x1|*/ UCHAR InheritedAddressSpace; /*<thisrel this+0x1>*/ /*|0x1|*/ UCHAR ReadImageFileExecOptions; /*<thisrel this+0x2>*/ /*|0x1|*/ UCHAR BeingDebugged; /*<thisrel this+0x3>*/ /*|0x1|*/ UCHAR BitField; /*<bitfield this+0x3>*/ /*|0x1|*/ UCHAR ImageUsesLargePages:0:1; /*<bitfield this+0x3>*/ /*|0x1|*/ UCHAR IsProtectedProcess:1:1; /*<bitfield this+0x3>*/ /*|0x1|*/ UCHAR IsLegacyProcess:2:1; /*<bitfield this+0x3>*/ /*|0x1|*/ UCHAR IsImageDynamicallyRelocated:3:1; /*<bitfield this+0x3>*/ /*|0x1|*/ UCHAR SkipPatchingUser32Forwarders:4:1; /*<bitfield this+0x3>*/ /*|0x1|*/ UCHAR SpareBits:5:3; /*<thisrel this+0x8>*/ /*|0x8|*/ void* Mutant; /*<thisrel this+0x10>*/ /*|0x8|*/ void* ImageBaseAddress; /*<thisrel this+0x18>*/ /*|0x8|*/ struct _PEB_LDR_DATA* Ldr; /*<thisrel this+0x20>*/ /*|0x8|*/ struct _RTL_USER_PROCESS_PARAMETERS* ProcessParameters; /*<thisrel this+0x28>*/ /*|0x8|*/ void* SubSystemData; /*<thisrel this+0x30>*/ /*|0x8|*/ void* ProcessHeap; /*<thisrel this+0x38>*/ /*|0x8|*/ struct _RTL_CRITICAL_SECTION* FastPebLock; /*<thisrel this+0x40>*/ /*|0x8|*/ void* AtlThunkSListPtr; /*<thisrel this+0x48>*/ /*|0x8|*/ void* IFEOKey; /*<thisrel this+0x50>*/ /*|0x4|*/ unsigned long CrossProcessFlags; /*<bitfield this+0x50>*/ /*|0x4|*/ unsigned long ProcessInJob:0:1; /*<bitfield this+0x50>*/ /*|0x4|*/ unsigned long ProcessInitializing:1:1; /*<bitfield this+0x50>*/ /*|0x4|*/ unsigned long ProcessUsingVEH:2:1; /*<bitfield this+0x50>*/ /*|0x4|*/ unsigned long ProcessUsingVCH:3:1; /*<bitfield this+0x50>*/ /*|0x4|*/ unsigned long ProcessUsingFTH:4:1; /*<bitfield this+0x50>*/ /*|0x4|*/ unsigned long ReservedBits0:5:1b; /*<thisrel this+0x58>*/ /*|0x8|*/ void* KernelCallbackTable; /*<thisrel this+0x58>*/ /*|0x8|*/ void* UserSharedInfoPtr; /*<thisrel this+0x60>*/ /*|0x4|*/ unsigned long SystemReserved[1]; /*<thisrel this+0x64>*/ /*|0x4|*/ unsigned long AtlThunkSListPtr32; /*<thisrel this+0x68>*/ /*|0x8|*/ void* 
ApiSetMap; /*<thisrel this+0x70>*/ /*|0x4|*/ unsigned long TlsExpansionCounter; /*<thisrel this+0x78>*/ /*|0x8|*/ void* TlsBitmap; /*<thisrel this+0x80>*/ /*|0x8|*/ unsigned long TlsBitmapBits[2]; /*<thisrel this+0x88>*/ /*|0x8|*/ void* ReadOnlySharedMemoryBase; /*<thisrel this+0x90>*/ /*|0x8|*/ void* HotpatchInformation; /*<thisrel this+0x98>*/ /*|0x8|*/ void** ReadOnlyStaticServerData; /*<thisrel this+0xa0>*/ /*|0x8|*/ void* AnsiCodePageData; /*<thisrel this+0xa8>*/ /*|0x8|*/ void* OemCodePageData; /*<thisrel this+0xb0>*/ /*|0x8|*/ void* UnicodeCaseTableData; /*<thisrel this+0xb8>*/ /*|0x4|*/ unsigned long NumberOfProcessors; /*<thisrel this+0xbc>*/ /*|0x4|*/ unsigned long NtGlobalFlag; /*<thisrel this+0xc0>*/ /*|0x8|*/ union _LARGE_INTEGER CriticalSectionTimeout; /*<thisrel this+0xc8>*/ /*|0x8|*/ unsigned __int64 HeapSegmentReserve; /*<thisrel this+0xd0>*/ /*|0x8|*/ unsigned __int64 HeapSegmentCommit; /*<thisrel this+0xd8>*/ /*|0x8|*/ unsigned __int64 HeapDeCommitTotalFreeThreshold; /*<thisrel this+0xe0>*/ /*|0x8|*/ unsigned __int64 HeapDeCommitFreeBlockThreshold; /*<thisrel this+0xe8>*/ /*|0x4|*/ unsigned long NumberOfHeaps; /*<thisrel this+0xec>*/ /*|0x4|*/ unsigned long MaximumNumberOfHeaps; /*<thisrel this+0xf0>*/ /*|0x8|*/ void** ProcessHeaps; /*<thisrel this+0xf8>*/ /*|0x8|*/ void* GdiSharedHandleTable; /*<thisrel this+0x100>*/ /*|0x8|*/ void* ProcessStarterHelper; /*<thisrel this+0x108>*/ /*|0x4|*/ unsigned long GdiDCAttributeList; /*<thisrel this+0x110>*/ /*|0x8|*/ struct _RTL_CRITICAL_SECTION* LoaderLock; /*<thisrel this+0x118>*/ /*|0x4|*/ unsigned long OSMajorVersion; /*<thisrel this+0x11c>*/ /*|0x4|*/ unsigned long OSMinorVersion; /*<thisrel this+0x120>*/ /*|0x2|*/ unsigned short OSBuildNumber; /*<thisrel this+0x122>*/ /*|0x2|*/ unsigned short OSCSDVersion; /*<thisrel this+0x124>*/ /*|0x4|*/ unsigned long OSPlatformId; /*<thisrel this+0x128>*/ /*|0x4|*/ unsigned long ImageSubsystem; /*<thisrel this+0x12c>*/ /*|0x4|*/ unsigned long 
ImageSubsystemMajorVersion; /*<thisrel this+0x130>*/ /*|0x4|*/ unsigned long ImageSubsystemMinorVersion; /*<thisrel this+0x138>*/ /*|0x8|*/ unsigned __int64 ActiveProcessAffinityMask; /*<thisrel this+0x140>*/ /*|0xf0|*/ unsigned long GdiHandleBuffer[60]; /*<thisrel this+0x230>*/ /*|0x8|*/ void (PostProcessInitRoutine*)(); /*<thisrel this+0x238>*/ /*|0x8|*/ void* TlsExpansionBitmap; /*<thisrel this+0x240>*/ /*|0x80|*/ unsigned long TlsExpansionBitmapBits[32]; /*<thisrel this+0x2c0>*/ /*|0x4|*/ unsigned long SessionId; /*<thisrel this+0x2c8>*/ /*|0x8|*/ union _ULARGE_INTEGER AppCompatFlags; /*<thisrel this+0x2d0>*/ /*|0x8|*/ union _ULARGE_INTEGER AppCompatFlagsUser; /*<thisrel this+0x2d8>*/ /*|0x8|*/ void* pShimData; /*<thisrel this+0x2e0>*/ /*|0x8|*/ void* AppCompatInfo; /*<thisrel this+0x2e8>*/ /*|0x10|*/ struct _UNICODE_STRING CSDVersion; /*<thisrel this+0x2f8>*/ /*|0x8|*/ struct _ACTIVATION_CONTEXT_DATA* ActivationContextData; /*<thisrel this+0x300>*/ /*|0x8|*/ struct _ASSEMBLY_STORAGE_MAP* ProcessAssemblyStorageMap; /*<thisrel this+0x308>*/ /*|0x8|*/ struct _ACTIVATION_CONTEXT_DATA* SystemDefaultActivationContextData; /*<thisrel this+0x310>*/ /*|0x8|*/ struct _ASSEMBLY_STORAGE_MAP* SystemAssemblyStorageMap; /*<thisrel this+0x318>*/ /*|0x8|*/ unsigned __int64 MinimumStackCommit; /*<thisrel this+0x320>*/ /*|0x8|*/ struct _FLS_CALLBACK_INFO* FlsCallback; /*<thisrel this+0x328>*/ /*|0x10|*/ struct _LIST_ENTRY FlsListHead; /*<thisrel this+0x338>*/ /*|0x8|*/ void* FlsBitmap; /*<thisrel this+0x340>*/ /*|0x10|*/ unsigned long FlsBitmapBits[4]; /*<thisrel this+0x350>*/ /*|0x4|*/ unsigned long FlsHighIndex; /*<thisrel this+0x358>*/ /*|0x8|*/ void* WerRegistrationData; /*<thisrel this+0x360>*/ /*|0x8|*/ void* WerShipAssertPtr; /*<thisrel this+0x368>*/ /*|0x8|*/ void* pContextData; /*<thisrel this+0x370>*/ /*|0x8|*/ void* pImageHeaderHash; /*<thisrel this+0x378>*/ /*|0x4|*/ unsigned long TracingFlags; /*<bitfield this+0x378>*/ /*|0x4|*/ unsigned long HeapTracingEnabled:0:1; 
/*<bitfield this+0x378>*/ /*|0x4|*/ unsigned long CritSecTracingEnabled:1:1; /*<bitfield this+0x378>*/ /*|0x4|*/ unsigned long SpareTracingBits:2:1e; }; // <size 0x380> via pdbdump -Fyyre Overflowz wrote: baldr Code: |
MinhHung 13 Jan 2011, 04:35
Overflowz
Quote:
what is this : Quote:
Quote:
why you said 'without using user32.dll' _________________ sorry for my english |
Overflowz 13 Jan 2011, 11:31
MinhHung
Good question. I'm trying to load user32.dll from the code itself, not from the main program. Like, I'm trying to write shellcode-type things.
MinhHung 14 Jan 2011, 05:56
Quote:
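Every pointer is 4 or 8 bytes in size (4 bytes on a 32-bit OS, 8 bytes on a 64-bit OS). It only stores the address of the memory it points to. For example, if you have this struct: Code: struct abc { int a,b; char c,*d; }; abc xxx; then xxx in your memory is (32-bit OS): Code: [4byte int a][4byte int b][1byte char c] Code: #include "stdio.h" #include "conio.h" struct abc { int a,b; char c; }; abc xxx; int main() { char *p=(char*)&xxx; *p=(int)1; //xxx.a *(p+4)=(int)3; //xxx.b *(p+8)='A'; //xxx.c printf("%i %i %c",xxx.a,xxx.b,xxx.c); getch(); } Note that each store through p writes only one byte, and that compilers insert alignment padding (for example before the pointer member d), so offsets are best taken from offsetof or from a dump that lists them rather than by adding up field sizes.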
Overflowz 18 Jan 2011, 11:03
MinhHung
I got it, thank you. =) |