diff --git a/include/winternl.h b/include/winternl.h index 1af1370aed2..48fa8d01d32 100644 --- a/include/winternl.h +++ b/include/winternl.h @@ -219,76 +219,75 @@ typedef struct _ACTIVATION_CONTEXT_STACK * PEB data structure */ typedef struct _PEB -{ - BOOLEAN InheritedAddressSpace; /* 00 */ - BOOLEAN ReadImageFileExecOptions; /* 01 */ - BOOLEAN BeingDebugged; /* 02 */ - BOOLEAN SpareBool; /* 03 */ - HANDLE Mutant; /* 04 */ - HMODULE ImageBaseAddress; /* 08 */ - PPEB_LDR_DATA LdrData; /* 0c */ - RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /* 10 */ - PVOID SubSystemData; /* 14 */ - HANDLE ProcessHeap; /* 18 */ - PRTL_CRITICAL_SECTION FastPebLock; /* 1c */ - PVOID /*PPEBLOCKROUTINE*/ FastPebLockRoutine; /* 20 */ - PVOID /*PPEBLOCKROUTINE*/ FastPebUnlockRoutine; /* 24 */ - ULONG EnvironmentUpdateCount; /* 28 */ - PVOID KernelCallbackTable; /* 2c */ - PVOID EventLogSection; /* 30 */ - PVOID EventLog; /* 34 */ - PVOID /*PPEB_FREE_BLOCK*/ FreeList; /* 38 */ - ULONG TlsExpansionCounter; /* 3c */ - PRTL_BITMAP TlsBitmap; /* 40 */ - ULONG TlsBitmapBits[2]; /* 44 */ - PVOID ReadOnlySharedMemoryBase; /* 4c */ - PVOID ReadOnlySharedMemoryHeap; /* 50 */ - PVOID *ReadOnlyStaticServerData; /* 54 */ - PVOID AnsiCodePageData; /* 58 */ - PVOID OemCodePageData; /* 5c */ - PVOID UnicodeCaseTableData; /* 60 */ - ULONG NumberOfProcessors; /* 64 */ - ULONG NtGlobalFlag; /* 68 */ - BYTE Spare2[4]; /* 6c */ - LARGE_INTEGER CriticalSectionTimeout; /* 70 */ - ULONG HeapSegmentReserve; /* 78 */ - ULONG HeapSegmentCommit; /* 7c */ - ULONG HeapDeCommitTotalFreeThreshold; /* 80 */ - ULONG HeapDeCommitFreeBlockThreshold; /* 84 */ - ULONG NumberOfHeaps; /* 88 */ - ULONG MaximumNumberOfHeaps; /* 8c */ - PVOID *ProcessHeaps; /* 90 */ - PVOID GdiSharedHandleTable; /* 94 */ - PVOID ProcessStarterHelper; /* 98 */ - PVOID GdiDCAttributeList; /* 9c */ - PVOID LoaderLock; /* a0 */ - ULONG OSMajorVersion; /* a4 */ - ULONG OSMinorVersion; /* a8 */ - ULONG OSBuildNumber; /* ac */ - ULONG OSPlatformId; /* b0 */ - ULONG ImageSubSystem; /* b4 */ - ULONG ImageSubSystemMajorVersion; /* b8 */ - ULONG ImageSubSystemMinorVersion; /* bc */ - ULONG ImageProcessAffinityMask; /* c0 */ - ULONG GdiHandleBuffer[34]; /* c4 */ - ULONG PostProcessInitRoutine; /* 14c */ - PRTL_BITMAP TlsExpansionBitmap; /* 150 */ - ULONG TlsExpansionBitmapBits[32]; /* 154 */ - ULONG SessionId; /* 1d4 */ - ULARGE_INTEGER AppCompatFlags; /* 1d8 */ - ULARGE_INTEGER AppCompatFlagsUser; /* 1e0 */ - PVOID ShimData; /* 1e8 */ - PVOID AppCompatInfo; /* 1ec */ - UNICODE_STRING CSDVersion; /* 1f0 */ - PVOID ActivationContextData; /* 1f8 */ - PVOID ProcessAssemblyStorageMap; /* 1fc */ - PVOID SystemDefaultActivationData; /* 200 */ - PVOID SystemAssemblyStorageMap; /* 204 */ - ULONG MinimumStackCommit; /* 208 */ - PVOID *FlsCallback; /* 20c */ - LIST_ENTRY FlsListHead; /* 210 */ - PRTL_BITMAP FlsBitmap; /* 218 */ - ULONG FlsBitmapBits[4]; /* 21c */ +{ /* win32/win64 */ + BOOLEAN InheritedAddressSpace; /* 000/000 */ + BOOLEAN ReadImageFileExecOptions; /* 001/001 */ + BOOLEAN BeingDebugged; /* 002/002 */ + BOOLEAN SpareBool; /* 003/003 */ + HANDLE Mutant; /* 004/008 */ + HMODULE ImageBaseAddress; /* 008/010 */ + PPEB_LDR_DATA LdrData; /* 00c/018 */ + RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /* 010/020 */ + PVOID SubSystemData; /* 014/028 */ + HANDLE ProcessHeap; /* 018/030 */ + PRTL_CRITICAL_SECTION FastPebLock; /* 01c/038 */ + PVOID /*PPEBLOCKROUTINE*/ FastPebLockRoutine; /* 020/040 */ + PVOID /*PPEBLOCKROUTINE*/ FastPebUnlockRoutine; /* 024/048 */ + ULONG EnvironmentUpdateCount; /* 028/050 */ + PVOID KernelCallbackTable; /* 02c/058 */ + ULONG Reserved[2]; /* 030/060 */ + PVOID /*PPEB_FREE_BLOCK*/ FreeList; /* 038/068 */ + ULONG TlsExpansionCounter; /* 03c/070 */ + PRTL_BITMAP TlsBitmap; /* 040/078 */ + ULONG TlsBitmapBits[2]; /* 044/080 */ + PVOID ReadOnlySharedMemoryBase; /* 04c/088 */ + PVOID ReadOnlySharedMemoryHeap; /* 050/090 */ + PVOID *ReadOnlyStaticServerData; /* 054/098 */ + PVOID AnsiCodePageData; /* 058/0a0 */ + PVOID OemCodePageData; /* 05c/0a8 */ + PVOID UnicodeCaseTableData; /* 060/0b0 */ + ULONG NumberOfProcessors; /* 064/0b8 */ + ULONG NtGlobalFlag; /* 068/0bc */ + LARGE_INTEGER CriticalSectionTimeout; /* 070/0c0 */ + SIZE_T HeapSegmentReserve; /* 078/0c8 */ + SIZE_T HeapSegmentCommit; /* 07c/0d0 */ + SIZE_T HeapDeCommitTotalFreeThreshold; /* 080/0d8 */ + SIZE_T HeapDeCommitFreeBlockThreshold; /* 084/0e0 */ + ULONG NumberOfHeaps; /* 088/0e8 */ + ULONG MaximumNumberOfHeaps; /* 08c/0ec */ + PVOID *ProcessHeaps; /* 090/0f0 */ + PVOID GdiSharedHandleTable; /* 094/0f8 */ + PVOID ProcessStarterHelper; /* 098/100 */ + PVOID GdiDCAttributeList; /* 09c/108 */ + PVOID LoaderLock; /* 0a0/110 */ + ULONG OSMajorVersion; /* 0a4/118 */ + ULONG OSMinorVersion; /* 0a8/11c */ + ULONG OSBuildNumber; /* 0ac/120 */ + ULONG OSPlatformId; /* 0b0/124 */ + ULONG ImageSubSystem; /* 0b4/128 */ + ULONG ImageSubSystemMajorVersion; /* 0b8/12c */ + ULONG ImageSubSystemMinorVersion; /* 0bc/130 */ + ULONG ImageProcessAffinityMask; /* 0c0/134 */ + HANDLE GdiHandleBuffer[28]; /* 0c4/138 */ + ULONG unknown[6]; /* 134/218 */ + PVOID PostProcessInitRoutine; /* 14c/230 */ + PRTL_BITMAP TlsExpansionBitmap; /* 150/238 */ + ULONG TlsExpansionBitmapBits[32]; /* 154/240 */ + ULONG SessionId; /* 1d4/2c0 */ + ULARGE_INTEGER AppCompatFlags; /* 1d8/2c8 */ + ULARGE_INTEGER AppCompatFlagsUser; /* 1e0/2d0 */ + PVOID ShimData; /* 1e8/2d8 */ + PVOID AppCompatInfo; /* 1ec/2e0 */ + UNICODE_STRING CSDVersion; /* 1f0/2e8 */ + PVOID ActivationContextData; /* 1f8/2f8 */ + PVOID ProcessAssemblyStorageMap; /* 1fc/300 */ + PVOID SystemDefaultActivationData; /* 200/308 */ + PVOID SystemAssemblyStorageMap; /* 204/310 */ + SIZE_T MinimumStackCommit; /* 208/318 */ + PVOID *FlsCallback; /* 20c/320 */ + LIST_ENTRY FlsListHead; /* 210/328 */ + PRTL_BITMAP FlsBitmap; /* 218/338 */ + ULONG FlsBitmapBits[4]; /* 21c/340 */ } PEB, *PPEB; @@ -296,72 +295,75 @@ typedef struct _PEB * TEB data structure */ typedef struct _TEB -{ - NT_TIB Tib; /* 000 */ - PVOID EnvironmentPointer; /* 01c */ - CLIENT_ID ClientId; /* 020 */ - PVOID ActiveRpcHandle; /* 028 */ - PVOID ThreadLocalStoragePointer; /* 02c */ - PPEB Peb; /* 030 */ - ULONG LastErrorValue; /* 034 */ - ULONG CountOfOwnedCriticalSections;/* 038 */ - PVOID CsrClientThread; /* 03c */ - PVOID Win32ThreadInfo; /* 040 */ - ULONG Win32ClientInfo[31]; /* 044 used for user32 private data in Wine */ - PVOID WOW32Reserved; /* 0c0 */ - ULONG CurrentLocale; /* 0c4 */ - ULONG FpSoftwareStatusRegister; /* 0c8 */ - PVOID SystemReserved1[54]; /* 0cc used for kernel32 private data in Wine */ - LONG ExceptionCode; /* 1a4 */ - ACTIVATION_CONTEXT_STACK ActivationContextStack; /* 1a8 */ - BYTE SpareBytes1[24]; /* 1bc used for ntdll private data in Wine */ - PVOID SystemReserved2[10]; /* 1d4 used for ntdll private data in Wine */ - GDI_TEB_BATCH GdiTebBatch; /* 1fc used for vm86 private data in Wine */ - ULONG gdiRgn; /* 6dc */ - ULONG gdiPen; /* 6e0 */ - ULONG gdiBrush; /* 6e4 */ - CLIENT_ID RealClientId; /* 6e8 */ - HANDLE GdiCachedProcessHandle; /* 6f0 */ - ULONG GdiClientPID; /* 6f4 */ - ULONG GdiClientTID; /* 6f8 */ - PVOID GdiThreadLocaleInfo; /* 6fc */ - PVOID UserReserved[5]; /* 700 */ - PVOID glDispachTable[280]; /* 714 */ - ULONG glReserved1[26]; /* b74 */ - PVOID glReserved2; /* bdc */ - PVOID glSectionInfo; /* be0 */ - PVOID glSection; /* be4 */ - PVOID glTable; /* be8 */ - PVOID glCurrentRC; /* bec */ - PVOID glContext; /* bf0 */ - ULONG LastStatusValue; /* bf4 */ - UNICODE_STRING StaticUnicodeString; /* bf8 used by advapi32 */ - WCHAR StaticUnicodeBuffer[261]; /* c00 used by advapi32 */ - PVOID DeallocationStack; /* e0c */ - PVOID TlsSlots[64]; /* e10 */ - LIST_ENTRY TlsLinks; /* f10 */ - PVOID Vdm; /* f18 */ - PVOID ReservedForNtRpc; /* f1c */ - PVOID DbgSsReserved[2]; /* f20 */ - ULONG HardErrorDisabled; /* f28 */ - PVOID Instrumentation[16]; /* f2c */ - PVOID WinSockData; /* f6c */ - ULONG GdiBatchCount; /* f70 */ - ULONG Spare2; /* f74 */ - ULONG Spare3; /* f78 */ - ULONG Spare4; /* f7c */ - PVOID ReservedForOle; /* f80 */ - ULONG WaitingOnLoaderLock; /* f84 */ - PVOID Reserved5[3]; /* f88 */ - PVOID *TlsExpansionSlots; /* f94 */ - ULONG ImpersonationLocale; /* f98 */ - ULONG IsImpersonating; /* f9c */ - PVOID NlsCache; /* fa0 */ - PVOID ShimData; /* fa4 */ - ULONG HeapVirtualAffinity; /* fa8 */ - PVOID CurrentTransactionHandle; /* fac */ - PVOID ActiveFrame; /* fb0 */ - PVOID *FlsSlots; /* fb4 */ +{ /* win32/win64 */ + NT_TIB Tib; /* 000/0000 */ + PVOID EnvironmentPointer; /* 01c/0038 */ + CLIENT_ID ClientId; /* 020/0040 */ + PVOID ActiveRpcHandle; /* 028/0050 */ + PVOID ThreadLocalStoragePointer; /* 02c/0058 */ + PPEB Peb; /* 030/0060 */ + ULONG LastErrorValue; /* 034/0068 */ + ULONG CountOfOwnedCriticalSections; /* 038/006c */ + PVOID CsrClientThread; /* 03c/0070 */ + PVOID Win32ThreadInfo; /* 040/0078 */ + ULONG Win32ClientInfo[31]; /* 044/0080 used for user32 private data in Wine */ + PVOID WOW32Reserved; /* 0c0/0100 */ + ULONG CurrentLocale; /* 0c4/0108 */ + ULONG FpSoftwareStatusRegister; /* 0c8/010c */ + PVOID SystemReserved1[54]; /* 0cc/0110 used for kernel32 private data in Wine */ + LONG ExceptionCode; /* 1a4/02c0 */ + ACTIVATION_CONTEXT_STACK ActivationContextStack; /* 1a8/02c8 */ + BYTE SpareBytes1[24]; /* 1bc/02e8 used for ntdll private data in Wine */ + PVOID SystemReserved2[10]; /* 1d4/0300 used for ntdll private data in Wine */ + GDI_TEB_BATCH GdiTebBatch; /* 1fc/0350 used for vm86 private data in Wine */ + HANDLE gdiRgn; /* 6dc/0838 */ + HANDLE gdiPen; /* 6e0/0840 */ + HANDLE gdiBrush; /* 6e4/0848 */ + CLIENT_ID RealClientId; /* 6e8/0850 */ + HANDLE GdiCachedProcessHandle; /* 6f0/0860 */ + ULONG GdiClientPID; /* 6f4/0868 */ + ULONG GdiClientTID; /* 6f8/086c */ + PVOID GdiThreadLocaleInfo; /* 6fc/0870 */ + ULONG UserReserved[5]; /* 700/0878 */ + PVOID glDispachTable[280]; /* 714/0890 */ + PVOID glReserved1[26]; /* b74/1150 */ + PVOID glReserved2; /* bdc/1220 */ + PVOID glSectionInfo; /* be0/1228 */ + PVOID glSection; /* be4/1230 */ + PVOID glTable; /* be8/1238 */ + PVOID glCurrentRC; /* bec/1240 */ + PVOID glContext; /* bf0/1248 */ + ULONG LastStatusValue; /* bf4/1250 */ + UNICODE_STRING StaticUnicodeString; /* bf8/1258 used by advapi32 */ + WCHAR StaticUnicodeBuffer[261]; /* c00/1268 used by advapi32 */ + PVOID DeallocationStack; /* e0c/1478 */ + PVOID TlsSlots[64]; /* e10/1480 */ + LIST_ENTRY TlsLinks; /* f10/1680 */ + PVOID Vdm; /* f18/1690 */ + PVOID ReservedForNtRpc; /* f1c/1698 */ + PVOID DbgSsReserved[2]; /* f20/16a0 */ + ULONG HardErrorDisabled; /* f28/16b0 */ + PVOID Instrumentation[16]; /* f2c/16b8 */ + PVOID WinSockData; /* f6c/1738 */ + ULONG GdiBatchCount; /* f70/1740 */ + ULONG Spare2; /* f74/1744 */ + PVOID Spare3; /* f78/1748 */ + PVOID Spare4; /* f7c/1750 */ + PVOID ReservedForOle; /* f80/1758 */ + ULONG WaitingOnLoaderLock; /* f84/1760 */ + PVOID Reserved5[3]; /* f88/1768 */ + PVOID *TlsExpansionSlots; /* f94/1780 */ + ULONG ImpersonationLocale; /* f98/1788 */ + ULONG IsImpersonating; /* f9c/178c */ + PVOID NlsCache; /* fa0/1790 */ + PVOID ShimData; /* fa4/1798 */ + ULONG HeapVirtualAffinity; /* fa8/17a0 */ + PVOID CurrentTransactionHandle; /* fac/17a8 */ + PVOID ActiveFrame; /* fb0/17b0 */ +#ifdef _WIN64 + PVOID unknown[2]; /* 17b8 */ +#endif + PVOID *FlsSlots; /* fb4/17c8 */ } TEB, *PTEB; /***********************************************************************