随笔分类 - 结构体、宏
摘要:typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO { USHORT UniqueProcessId; USHORT CreatorBackTraceIndex; UCHAR ObjectTypeIndex; UCHAR HandleAttributes;
阅读全文
摘要:typedef struct _RTL_PROCESS_MODULE_INFORMATION { HANDLE Section; // Not filled in PVOID MappedBase; PVOID ImageBase; ULONG ImageSize; ULONG Flags; USH
阅读全文
摘要:IRP所有标识位的含义,是 _IRP . flags 这个成员
阅读全文
摘要:https://msdn.microsoft.com/en-us/library/windows/hardware/ff545834(v=vs.85).aspx The FILE_OBJECT structure is used by the system to represent a file o
阅读全文
摘要:https://en.wikipedia.org/wiki/Win32_Thread_Information_Block 这是重点 herein: FS:[0x124] 4 NT Pointer to KTHREAD (ETHREAD) structure
阅读全文