flat assembler
Message board for the users of flat assembler.

Index > Heap > Tomasz, structs can be partialy altered?

Author
Thread Post new topic Reply to topic
ProMiNick



Joined: 24 Mar 2012
Posts: 524
Location: Russian Federation, Sochi
ProMiNick
helping constants (previously I liked NTDDI constants, but I dissapointed in them in case of suppot pre NTs too)
Code:
; File flags for version info
VS_FF_DEBUG             = $00000001 ; file contain debug info
VS_FF_PRERELEASE        = $00000002 ; under development
VS_FF_PATCHED           = $00000004 ; not identical to original with same version
VS_FF_PRIVATEBUILD      = $00000008 ; assembled differently
VS_FF_INFOINFERRED      = $00000010 ; version info may be incorrect
VS_FF_SPECIALBUILD      = $00000020 ; branch

; OS types for version info
VOS_UNKNOWN             = $00000000
VOS_BASE                = $00000000
VOS__WINDOWS16          = $00000001
VOS__PM16               = $00000002 ; targeted to Presentation Manager (16 bit)
VOS__PM32               = $00000003 ; targeted to Presentation Manager (32 bit)
VOS__WINDOWS32          = $00000004
VOS__WINDOWS64          = $00000005
VOS_DOS                 = $00010000
VOS_DOS_WINDOWS16       = $00010001 ; targeted to Win16 subsistem under DOS
VOS_DOS_WINDOWS32       = $00010004 ; targeted to Win32 subsistem under DOS
VOS_OS216               = $00020000 ; targeted to OS/2 (16 bit)
VOS_OS216_PM16          = $00020002 ; targeted to OS/2 (16 bit) & Presentation Manager (16 bit)
VOS_OS232               = $00030000 ; targeted to OS/2 (32 bit)
VOS_OS232_PM32          = $00030003 ; targeted to OS/2 (32 bit) & Presentation Manager (32 bit)
VOS_NT                  = $00040000 ; targeted to Windows NT(/2000)
VOS_NT_WINDOWS32        = $00040004 ; targeted to Windows NT(/2000)
VOS_NT_WINDOWS64        = $00040005 ; targeted to Windows XP64+
VOS_CE_WINDOWS32        = $00000004

; File types for version info
VFT_UNKNOWN             = $00000000
VFT_APP                 = $00000001
VFT_DLL                 = $00000002
VFT_DRV                 = $00000003
VFT_FONT                = $00000004
VFT_VXD                 = $00000005
VFT_STATIC_LIB          = $00000007

; Driver file subtypes for version info
VFT2_UNKNOWN            = $00000000
VFT2_DRV_PRINTER        = $00000001
VFT2_DRV_KEYBOARD       = $00000002
VFT2_DRV_LANGUAGE       = $00000003
VFT2_DRV_DISPLAY        = $00000004
VFT2_DRV_MOUSE          = $00000005
VFT2_DRV_NETWORK        = $00000006
VFT2_DRV_SYSTEM         = $00000007
VFT2_DRV_INSTALLLABLE   = $00000008
VFT2_DRV_SOUND          = $00000009
VFT2_DRV_COMM           = $0000000A
VFT2_DRV_INPUTMETHOD    = $0000000B

; Font file subtypes for version info
;VFT2_UNKNOWN           = $00000000
VFT2_FONT_RASTER        = $00000001
VFT2_FONT_VECTOR        = $00000002
VFT2_FONT_TRUETYPE      = $00000003

; X86 workstation family under DOS
VWINDOWS_1              = $01010000
VWINDOWS_102            = $01020000
VWINDOWS_103            = $01030000
VWINDOWS_104            = $01040000
VWINDOWS_203            = $02030000
VWINDOWS_210            = $020A0000
VWINDOWS_211            = $020B0000
VWINDOWS_3              = $03000000
VWINDOWS_31             = $030A0000
VWINDOWS_32             = $030A0200
VWINDOWS_311            = $030B0000
; X86 workstation family of win9x
VWINDOWS_95             = $04000000
VWINDOWS_98             = $040A0000
VWINDOWS_ME             = $045A0000
; X86 workstation family of NTs
VWINDOWS_NT31           = $03010000
VWINDOWS_NT35           = $03050000
VWINDOWS_NT351          = $03330000
VWINDOWS_NT4            = $04000000
VWINDOWS_NT4SP1         = $04000100
VWINDOWS_NT4SP2         = $04000200
VWINDOWS_NT4SP3         = $04000300
VWINDOWS_NT4SP4         = $04000400
VWINDOWS_NT4SP5         = $04000500
VWINDOWS_NT4SP6         = $04000600
VWINDOWS_2K             = $05000000
VWINDOWS_2KSP1          = $05000100
VWINDOWS_2KSP2          = $05000200
VWINDOWS_2KSP3          = $05000300
VWINDOWS_2KSP4          = $05000400
VWINDOWS_XP             = $05010000
VWINDOWS_XPSP1          = $05010100
VWINDOWS_XPSP2          = $05010200
VWINDOWS_XPSP3          = $05010300
VWINDOWS_XP64           = $05020000
VWINDOWS_VISTA          = $06000000
VWINDOWS_VISTASP1       = $06000100
VWINDOWS_VISTASP2       = $06000200
VWINDOWS_7              = $06010000
VWINDOWS_7SP1           = $06010100
VWINDOWS_8              = $06020000
VWINDOWS_81             = $06030000
VWINDOWS_10             = $0A000000
VWINDOWS_10B1511        = $0A0005E7
VWINDOWS_10B1709        = $0A0006AD
; X86 server family of NTs
VWINDOWS_SERVER_NT31    = $03010000
VWINDOWS_SERVER_NT35    = $03050000
VWINDOWS_SERVER_NT351   = $03330000
VWINDOWS_SERVER_2K      = $05000000
VWINDOWS_SERVER_2KSP1   = $05000100
VWINDOWS_SERVER_2KSP2   = $05000200
VWINDOWS_SERVER_2KSP3   = $05000300
VWINDOWS_SERVER_2KSP4   = $05000400
VWINDOWS_SERVER_2K3     = $05020000
VWINDOWS_SERVER_2K3SP1  = $05020100
VWINDOWS_SERVER_2K3SP2  = $05020200
VWINDOWS_SERVER_2K3SP3  = $05020300
VWINDOWS_SERVER_2K3SP4  = $05020400
VWINDOWS_SERVER_2K8     = $06000000
VWINDOWS_SERVER_2K8_R2  = $06010000
VWINDOWS_SERVER_2K12    = $06020000
VWINDOWS_SERVER_2K12_R2 = $06030000
VWINDOWS_SERVER_2K16    = $0A000000
VWINDOWS_SERVER_2K19    = $0A000000
; mobile CE family
VWINDOWS_CE_1           = $01000000
VWINDOWS_CE_101         = $01010000
VWINDOWS_CE_2           = $02000000
VWINDOWS_CE_201         = $02010000
VWINDOWS_CE_211         = $020B0000
VWINDOWS_CE_212         = $020C0000
VWINDOWS_CE_3           = $03000000
VWINDOWS_CE_35          = $03050000
VWINDOWS_CE_4           = $04000000
VWINDOWS_CE_41          = $04010000
VWINDOWS_CE_42          = $04020000
VWINDOWS_CE_5           = $05000000
VWINDOWS_CE_6           = $06000000
VWINDOWS_CE_7           = $07000000
VWINDOWS_MOBILE_5       = $05000000
VWINDOWS_MOBILE_6       = $06000000
VWINDOWS_MOBILE_7       = $07000000
; mobile NT family
VWINDOWS_RT             = $06020000
VWINDOWS_RT81           = $06030000
VWINDOWS_MOBILE_10      = $0A000000

; platforms

VER_PLATFORM_WIN32S             = $0000
VER_PLATFORM_WIN32_WINDOWS      = $0001
VER_PLATFORM_WIN32_NT           = $0002
VER_PLATFORM_WIN32_CE           = $0003

VER_PLATFORM_UNIX               = $8000
VER_PLATFORM_MACOSX             = $8101
VER_PLATFORM_IOS                = $8102
VER_PLATFORM_LINUX              = $8201
VER_PLATFORM_SOLARIS            = $8202
VER_PLATFORM_ANDROID            = $8203
VER_PLATFORM_PS3                = $8204
VER_PLATFORM_NACL               = $8205     

helping structs:
Code:
struct LIST_ENTRY
  Flink dd ?
  Blink dd ?
ends 

struct UNICODE_STRING
        Length          dw ?
        MaxLength       dw ?
        Buffer          dd ?
ends    


Code:
struct PEB
        InheritedAddressSpace                   db ?
        ReadImageFileExecOptions                db ?
        BeingDebugged                           db ?
        InProcessFlags                          db ?
        Mutant                                  dd ?
        ImageBaseAddress                        dd ?
        Ldr                                     dd ?
        ProcessParameters                       dd ?
        SubSystemData                           dd ?
        ProcessHeap                             dd ?
        FastPebLock                             dd ?
        union
                struct  ;up to 5.1
                        FastPebLockRoutine      dd ?
                        FastPebUnlockRoutine    dd ?
                ends
                struct  ;5.2
                        SparePtr1               dd ?
                        SparePtr2               dd ?
                ends
                struct  ;6.0 and higher
                        AtlThunkSListPtr        dd ?
                        IFEOKey                 dd ?
                ends
        ends
        union
                EnvironmentUpdateCount          dd ?
                CrossProcessFlags               db ?
        ends
        union
                KernelCallbackTable             dd ?
                UserSharedInfoPtr               dd ?
        ends
        union
                EventLogSection                 dd ?
                SystemReserved                  dd ?
        ends
        union
                SpareUlong                      dd ?
                AtlThunkSListPtr32              dd ?
        ends
        union
                FreeList                        dd ?
                SparePebPtr0                    dd ?
                ApiSetMap                       dd ?
        ends
        TlsExpansionCounter                     dd ?
        TlsBitmap                               dd ?
        TlsBitmapBits                           dd ?,?
        ReadOnlySharedMemoryBase                dd ?
        union
                ReadOnlySharedMemoryHeap        dd ?
                HotpatchInformation             dd ?
                SparePvoid0                     dd ?
                SharedData                      dd ?
        ends
        ReadOnlyStaticServerData                dd ?
        AnsiCodePageData                        dd ?
        OemCodePageData                         dd ?
        UnicodeCaseTableData                    dd ?
        NumberOfProcessors                      dd ?
        if defined %targetOS% & %targetOS%<VWINDOWS_NT351
        else
                union
                        NtGlobalFlag            dd ?
                                                dq ?
                ends
        end if
        CriticalSectionTimeout                  dq ?
        if defined %targetOS% & %targetOS%<VWINDOWS_NT351
        else
                HeapSegmentReserve                      dd ?
                HeapSegmentCommit                       dd ?
                HeapDeCommitTotalFreeThreshold          dd ?
                HeapDeCommitFreeBlockThreshold          dd ?
                NumberOfHeaps                           dd ?
                MaximumNumberOfHeaps                    dd ?
                ProcessHeaps                            dd ?
                GdiSharedHandleTable                    dd ?
                if defined %targetOS% & %targetOS%<VWINDOWS_NT4
                else
                        ProcessStarterHelper                    dd ?
                        GdiDCAttributeList                      dd ?
                        LoaderLock                              dd ?
                        OSMajorVersion                          dd ?
                        OSMinorVersion                          dd ?
                        OSBuildNumber                           dw ?
                        OSCSDVersion                            dw ?
                        OSPlatformId                            dd ?
                        ImageSubsystem                          dd ?
                        ImageSubsystemMajorVersion              dd ?
                        ImageSubsystemMinorVersion              dd ?
                        union
                                ImageProcessAffinityMask        dd ?
                                ActiveProcessAffinityMask       dd ?
                        ends
                        GdiHandleBuffer                         dd $22 dup (?)
                        if defined %targetOS% & %targetOS%<VWINDOWS_2K
                                                                        dd ?
                        else
                                PostProcessInitRoutine                  dd ?
                                TlsExpansionBitmap                      dd ?
                                TlsExpansionBitmapBits                  dd $20 dup (?)
                                SessionId                               dd ?
                                if defined %targetOS% & %targetOS%<VWINDOWS_XP
                                else
                                        AppCompatFlags                  dq ?
                                        AppCompatFlagsUser              dq ?
                                        pShimData                       dd ?
                                end if
                                AppCompatInfo                           dd ?
                                CSDVersion                              UNICODE_STRING
                                if defined %targetOS% & %targetOS%<VWINDOWS_XP
                                                                        dd ?
                                else
                                        ActivationContextData                   dd ?
                                        ProcessAssemblyStorageMap               dd ?
                                        SystemDefaultActivationContextData      dd ?
                                        SystemAssemblyStorageMap                dd ?
                                        MinimumStackCommit                      dd ?
                                        if defined %targetOS% & %targetOS%<VWINDOWS_SERVER_2K3
                                                                                dd ?
                                        else
                                                FlsCallback                             dd ?
                                                FlsListHead                             dd ?
                                                FlsBitmap                               dd ?
                                                FlsBitmapBits                           dd 4 dup (?)
                                                FlsHighIndex                            dd ?
                                                if defined %targetOS% & %targetOS%<VWINDOWS_VISTA
                                                else
                                                        WerRegistrationData                     dd ?
                                                        WerShipAssertPtr                        dd ?
                                                        if defined %targetOS% & %targetOS%<VWINDOWS_7
                                                        else
                                                                union
                                                                        pContextData                    dd ?
                                                                        pUnused                         dd ?
                                                                ends
                                                                pImageHeaderHash                        dd ?
                                                                TracingFlags                            dd ?
                                                                                                        dd ?
                                                                if defined %targetOS% & %targetOS%<VWINDOWS_8
                                                                else
                                                                        CsrServerReadOnlySharedMemoryBase       dq ?
                                                                        if defined %targetOS% & %targetOS%<VWINDOWS_10B1511
                                                                        else
                                                                                TppWorkerpListLock                      dd ?
                                                                                TppWorkerpList                          LIST_ENTRY
                                                                                WaitOnAddressHashTable                  dd 128 dup (?)
                                                                                if defined %targetOS% & %targetOS%<VWINDOWS_10B1709
                                                                                        dd ?
                                                                                else
                                                                                        TelemetryCoverageHeader         dd ?
                                                                                        CloudFileFlags                  dd ?
                                                                                                                        dd ?
                                                                                end if
                                                                        end if
                                                                end if
                                                        end if
                                                end if
                                        end if
                                end if
                        end if
                end if
        end if
ends    


of cource there are stage intermixing.

Thanks if there any way exists.
Just struct extending dosn`t work with NT351 there was first insertion in ancestor fields, than with XP was second insertion.

_________________
I don`t like to refer by "you" to one person.
My soul requires acronim "thou" instead.
Post 16 Apr 2020, 21:26
View user's profile Send private message Send e-mail Reply with quote
ProMiNick



Joined: 24 Mar 2012
Posts: 524
Location: Russian Federation, Sochi
ProMiNick
I think there is no needance in struct implementation of TEB & PEB: they never used to initialize data, only to access fields, even in OSdev point of view data initialization of that structures is dinamic.
Next solution don`t solves topic question, but applicable for TEB & PEB:
Code:
virtual at 0
        PEB.InheritedAddressSpace                       db ?
        PEB.ReadImageFileExecOptions                    db ?
        PEB.BeingDebugged                               db ?
        PEB.InProcessFlags                              db ?
        PEB.Mutant                                      dd ?
        PEB.ImageBaseAddress                            dd ?
        PEB.Ldr                                         dd ?
        PEB.ProcessParameters                           dd ?
        PEB.SubSystemData                               dd ?
        PEB.ProcessHeap                                 dd ?
        PEB.FastPebLock                                 dd ?
if defined %targetOS%
 virtual
  if %targetOS%<VWINDOWS_SERVER_2K3
        PEB.FastPebLockRoutine                          dd ?
        PEB.FastPebUnlockRoutine                        dd ?
  else if %targetOS%<VWINDOWS_VISTA
        PEB.SparePtr1                                   dd ?
        PEB.SparePtr2                                   dd ?
  else
        PEB.AtlThunkSListPtr                            dd ?
        PEB.IFEOKey                                     dd ?
  end if
 end virtual
end if
                                                        rb 8
if defined %targetOS% & %targetOS%>=VWINDOWS_NT351
 virtual
  if %targetOS%<VWINDOWS_VISTA
        PEB.EnvironmentUpdateCount                      dd ?
  else
        PEB.CrossProcessFlags                           dd ?
   virtual
        PEB.UserSharedInfoPtr                           dd ?
   end virtual
  end if
        PEB.KernelCallbackTable                         dd ?
  if %targetOS%<VWINDOWS_2K
        PEB.EventLogSection                             dd ?
        PEB.EventLog                                    dd ?
  else
        PEB.SystemReserved                              dd ?
   if %targetOS%>=VWINDOWS_7 | %targetOS%=VWINDOWS_XPSP3
        PEB.AtlThunkSListPtr32                          dd ?
   else
        PEB.SpareUlong                                  dd ?
   end if
  end if
 end virtual
end if
                                                        rb $10
if defined %targetOS%
 virtual
  if %targetOS%<=VWINDOWS_VISTA
        PEB.FreeList                                    dd ?
  else if %targetOS%<VWINDOWS_7
        PEB.SparePebPtr0                                dd ?
  else
        PEB.ApiSetMap                                   dd ?
  end if
 end virtual
end if
                                                        rb 4
        PEB.TlsExpansionCounter                         dd ?
        PEB.TlsBitmap                                   dd ?
        PEB.TlsBitmapBits                               dd 2 dup (?)
        PEB.ReadOnlySharedMemoryBase                    dd ?
if defined %targetOS%
 virtual
  if %targetOS%<VWINDOWS_VISTA
        PEB.ReadOnlySharedMemoryHeap                    dd ?
  else if %targetOS%<VWINDOWS_81
        PEB.HotpatchInformation                         dd ?
  else if %targetOS%<VWINDOWS_10B1703
        PEB.SparePvoid0                                 dd ?
  else
        PEB.SharedData                                  dd ?
  end if
 end virtual
end if
                                                        rb 4
        PEB.ReadOnlyStaticServerData                    dd ?
        PEB.AnsiCodePageData                            dd ?
        PEB.OemCodePageData                             dd ?
        PEB.UnicodeCaseTableData                        dd ?
if defined %targetOS% & %targetOS%>=VWINDOWS_NT351
 virtual
        PEB.NumberOfProcessors                          dd ?
 end virtual
end if
                                                        rb 4
if defined %targetOS% & %targetOS%<VWINDOWS_NT351
else
        PEB.NtGlobalFlag                                dd ?
                                                        dd ?
end if
        PEB.CriticalSectionTimeout                      dq ?
end virtual

sizeof.PEB.preNT3.51    = $70
sizeof.PEB.NT3.51       = $98
sizeof.PEB.NT4          = $150
sizeof.PEB.NT5          = $1E8
sizeof.PEB.NT5.1        = $210
sizeof.PEB.NT5.2        = $230
sizeof.PEB.NT6.0        = $238
sizeof.PEB.NT6.1        = $248
sizeof.PEB.NT6.2        = $250
sizeof.PEB.NT10BUILD1511= $460
sizeof.PEB.NT10BUILD1709= $468     

not defined fully, but enought to see first point with member insertion.
Post 17 Apr 2020, 07:59
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.