Process Environment Block (PEB) Universal Struct - Fix broken IDA struct
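/**
 * PEB_UNIVERSAL - 32-bit Process Environment Block layout for IDA.
 *
 * Every trailing comment gives the member's byte offset inside a 32-bit
 * process: pointers are 4 bytes wide (ImageBaseAddress at 0x0008 is
 * followed by Ldr at 0x000C), so this layout does not describe a 64-bit
 * process.
 *
 * Members named only by their offset (byte3, dwordNN) are intentionally
 * left anonymous; their meaning presumably varies between Windows versions
 * — confirm against the target build before relying on any of them.
 *
 * The 64-bit members (CriticalSectionTimeout, AppCompatFlags,
 * AppCompatFlagsUser) lie on 8-byte boundaries. The gap at 0x006C is
 * filled with an explicit DWORD so the annotated offsets still hold when a
 * compiler or type parser aligns 64-bit unions to only 4 bytes; under
 * 8-byte alignment the pad simply occupies what would otherwise be
 * implicit padding, so the layout is unchanged. The last member ends at
 * 0x0240.
 *
 * BeingDebugged (0x0002) and NtGlobalFlag (0x0068) are the PEB fields most
 * commonly consulted by anti-debugging checks, which is why accurate
 * offsets matter when reviewing such code in IDA.
 */
struct PEB_UNIVERSAL
{
    BOOLEAN InheritedAddressSpace;                  // 0x0000
    BOOLEAN ReadImageFileExecOptions;               // 0x0001
    BOOLEAN BeingDebugged;                          // 0x0002
    BYTE byte3;                                     // 0x0003
    HANDLE Mutant;                                  // 0x0004
    void* ImageBaseAddress;                         // 0x0008
    PEB_LDR_DATA* Ldr;                              // 0x000C
    RTL_USER_PROCESS_PARAMETERS* ProcessParameters; // 0x0010
    void* SubSystemData;                            // 0x0014
    void* ProcessHeap;                              // 0x0018
    RTL_CRITICAL_SECTION* FastPebLock;              // 0x001C
    void* dword20;                                  // 0x0020
    void* dword24;                                  // 0x0024
    DWORD dword28;                                  // 0x0028
    DWORD dword2C;                                  // 0x002C
    DWORD SystemReserved;                           // 0x0030
    DWORD dword34;                                  // 0x0034
    DWORD dword38;                                  // 0x0038
    DWORD TlsExpansionCounter;                      // 0x003C
    void* TlsBitmap;                                // 0x0040
    DWORD TlsBitmapBits[2];                         // 0x0044 .. 0x004B
    void* ReadOnlySharedMemoryBase;                 // 0x004C
    DWORD dword50;                                  // 0x0050
    void** ReadOnlyStaticServerData;                // 0x0054
    void* AnsiCodePageData;                         // 0x0058
    void* OemCodePageData;                          // 0x005C
    void* UnicodeCaseTableData;                     // 0x0060
    DWORD NumberOfProcessors;                       // 0x0064
    DWORD NtGlobalFlag;                             // 0x0068
    DWORD dword6C;                                  // 0x006C  explicit pad: keeps the 8-byte member below at 0x0070
    LARGE_INTEGER CriticalSectionTimeout;           // 0x0070
    DWORD HeapSegmentReserve;                       // 0x0078
    DWORD HeapSegmentCommit;                        // 0x007C
    DWORD HeapDeCommitTotalFreeThreshold;           // 0x0080
    DWORD HeapDeCommitFreeBlockThreshold;           // 0x0084
    DWORD NumberOfHeaps;                            // 0x0088
    DWORD MaximumNumberOfHeaps;                     // 0x008C
    void** ProcessHeaps;                            // 0x0090
    void* GdiSharedHandleTable;                     // 0x0094
    void* ProcessStarterHelper;                     // 0x0098
    DWORD GdiDCAttributeList;                       // 0x009C
    DWORD dwordA0;                                  // 0x00A0
    DWORD OSMajorVersion;                           // 0x00A4
    DWORD OSMinorVersion;                           // 0x00A8
    WORD OSBuildNumber;                             // 0x00AC
    WORD OSCSDVersion;                              // 0x00AE
    DWORD OSPlatformId;                             // 0x00B0
    DWORD ImageSubsystem;                           // 0x00B4
    DWORD ImageSubsystemMajorVersion;               // 0x00B8
    DWORD ImageSubsystemMinorVersion;               // 0x00BC
    DWORD dwordC0;                                  // 0x00C0
    DWORD GdiHandleBuffer[0x22];                    // 0x00C4 .. 0x014B (34 * 4 bytes)
    void* PostProcessInitRoutine;                   // 0x014C
    void* TlsExpansionBitmap;                       // 0x0150
    DWORD TlsExpansionBitmapBits[0x20];             // 0x0154 .. 0x01D3 (32 * 4 bytes)
    DWORD SessionId;                                // 0x01D4
    ULARGE_INTEGER AppCompatFlags;                  // 0x01D8
    ULARGE_INTEGER AppCompatFlagsUser;              // 0x01E0
    void* pShimData;                                // 0x01E8
    void* AppCompatInfo;                            // 0x01EC
    UNICODE_STRING CSDVersion;                      // 0x01F0  (8 bytes on 32-bit)
    void* ActivationContextData;                    // 0x01F8
    void* ProcessAssemblyStorageMap;                // 0x01FC
    void* SystemDefaultActivationContextData;       // 0x0200
    void* SystemAssemblyStorageMap;                 // 0x0204
    DWORD MinimumStackCommit;                       // 0x0208
    void* FlsCallback;                              // 0x020C
    LIST_ENTRY FlsListHead;                         // 0x0210  (two 4-byte pointers)
    void* FlsBitmap;                                // 0x0218
    DWORD FlsBitmapBits[4];                         // 0x021C .. 0x022B
    DWORD FlsHighIndex;                             // 0x022C
    void* WerRegistrationData;                      // 0x0230
    void* WerShipAssertPtr;                         // 0x0234
    DWORD dword238;                                 // 0x0238
    void* pImageHeaderHash;                         // 0x023C
};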