Post category - Structures, Macros

Summary: typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO { USHORT UniqueProcessId; USHORT CreatorBackTraceIndex; UCHAR ObjectTypeIndex; UCHAR HandleAttributes;
posted @ 2017-06-11 18:59 穷到底 Views (992) Comments (0) Recommendations (0)
Summary: typedef struct _RTL_PROCESS_MODULE_INFORMATION { HANDLE Section; // Not filled in PVOID MappedBase; PVOID ImageBase; ULONG ImageSize; ULONG Flags; USH
posted @ 2017-06-11 18:58 穷到底 Views (705) Comments (0) Recommendations (0)
Summary: The meaning of all IRP flag bits, that is, the _IRP.flags member
posted @ 2016-09-12 20:13 穷到底 Views (971) Comments (0) Recommendations (0)
Summary: Windows XP x86
posted @ 2016-09-12 19:42 穷到底 Views (358) Comments (0) Recommendations (0)
Summary: https://msdn.microsoft.com/en-us/library/windows/hardware/ff545834(v=vs.85).aspx The FILE_OBJECT structure is used by the system to represent a file o
posted @ 2016-09-12 17:28 穷到底 Views (714) Comments (0) Recommendations (0)
Summary: https://en.wikipedia.org/wiki/Win32_Thread_Information_Block This is the key point herein: FS:[0x124] 4 NT Pointer to KTHREAD (ETHREAD) structure
posted @ 2016-08-31 18:00 穷到底 Views (830) Comments (0) Recommendations (0)
