x64dbg
/
TitanEngine
mirror of https://github.com/x64dbg/TitanEngine
1
0
Fork 0
Code Releases Activity

fix safe attach option on 32 bit

This commit is contained in:
Duncan Ogilvie 2018-10-31 00:12:48 +01:00
parent bfec722a12
commit f835fc8719
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
1 changed files with 41 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
TitanEngine/ntdll.h
View File

@ -2528,6 +2528,15 @@ typedef struct _PEB_LDR_DATA
HANDLE ShutdownThreadId; HANDLE ShutdownThreadId;
} PEB_LDR_DATA, *PPEB_LDR_DATA; } PEB_LDR_DATA, *PPEB_LDR_DATA;
typedef struct _ACTIVATION_CONTEXT_STACK
{
struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* ActiveFrame;
LIST_ENTRY FrameListCache;
ULONG Flags;
ULONG NextCookieSequenceNumber;
ULONG StackId;
} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
typedef struct _PEB typedef struct _PEB
{ {
BOOLEAN InheritedAddressSpace; BOOLEAN InheritedAddressSpace;
@ -2585,12 +2594,14 @@ typedef struct _PEB
ULONG TlsExpansionCounter; ULONG TlsExpansionCounter;
PVOID TlsBitmap; PVOID TlsBitmap;
ULONG TlsBitmapBits[2]; ULONG TlsBitmapBits[2];
PVOID ReadOnlySharedMemoryBase; PVOID ReadOnlySharedMemoryBase;
PVOID HotpatchInformation; PVOID SharedData; // HotpatchInformation
PVOID* ReadOnlyStaticServerData; PVOID* ReadOnlyStaticServerData;
PVOID AnsiCodePageData;
PVOID OemCodePageData; PVOID AnsiCodePageData; // PCPTABLEINFO
PVOID UnicodeCaseTableData; PVOID OemCodePageData; // PCPTABLEINFO
PVOID UnicodeCaseTableData; // PNLSTABLEINFO
ULONG NumberOfProcessors; ULONG NumberOfProcessors;
ULONG NtGlobalFlag; ULONG NtGlobalFlag;
@ -2603,7 +2614,7 @@ typedef struct _PEB
ULONG NumberOfHeaps; ULONG NumberOfHeaps;
ULONG MaximumNumberOfHeaps; ULONG MaximumNumberOfHeaps;
PVOID* ProcessHeaps; PVOID* ProcessHeaps; // PHEAP
PVOID GdiSharedHandleTable; PVOID GdiSharedHandleTable;
PVOID ProcessStarterHelper; PVOID ProcessStarterHelper;
@ -2631,14 +2642,14 @@ typedef struct _PEB
ULARGE_INTEGER AppCompatFlags; ULARGE_INTEGER AppCompatFlags;
ULARGE_INTEGER AppCompatFlagsUser; ULARGE_INTEGER AppCompatFlagsUser;
PVOID pShimData; PVOID pShimData;
PVOID AppCompatInfo; PVOID AppCompatInfo; // APPCOMPAT_EXE_DATA
UNICODE_STRING CSDVersion; UNICODE_STRING CSDVersion;
PVOID ActivationContextData; PVOID ActivationContextData; // ACTIVATION_CONTEXT_DATA
PVOID ProcessAssemblyStorageMap; PVOID ProcessAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP
PVOID SystemDefaultActivationContextData; PVOID SystemDefaultActivationContextData; // ACTIVATION_CONTEXT_DATA
PVOID SystemAssemblyStorageMap; PVOID SystemAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP
SIZE_T MinimumStackCommit; SIZE_T MinimumStackCommit;
@ -2650,7 +2661,7 @@ typedef struct _PEB
PVOID WerRegistrationData; PVOID WerRegistrationData;
PVOID WerShipAssertPtr; PVOID WerShipAssertPtr;
PVOID pContextData; PVOID pUnused; // pContextData
PVOID pImageHeaderHash; PVOID pImageHeaderHash;
union union
{ {
@ -2667,6 +2678,8 @@ typedef struct _PEB
PVOID TppWorkerpListLock; PVOID TppWorkerpListLock;
LIST_ENTRY TppWorkerpList; LIST_ENTRY TppWorkerpList;
PVOID WaitOnAddressHashTable[128]; PVOID WaitOnAddressHashTable[128];
PVOID TelemetryCoverageHeader; // REDSTONE3
ULONG CloudFileFlags;
} PEB, *PPEB; } PEB, *PPEB;
#define GDI_BATCH_BUFFER_SIZE 310 #define GDI_BATCH_BUFFER_SIZE 310
@ -2711,17 +2724,31 @@ typedef struct _TEB
LCID CurrentLocale; LCID CurrentLocale;
ULONG FpSoftwareStatusRegister; ULONG FpSoftwareStatusRegister;
PVOID ReservedForDebuggerInstrumentation[16]; PVOID ReservedForDebuggerInstrumentation[16];
PVOID SystemReserved1[37]; #ifdef _WIN64
PVOID SystemReserved1[30];
#else
PVOID SystemReserved1[26];
#endif
CHAR PlaceholderCompatibilityMode;
CHAR PlaceholderReserved[11];
ULONG ProxiedProcessId;
ACTIVATION_CONTEXT_STACK ActivationStack;
UCHAR WorkingOnBehalfTicket[8]; UCHAR WorkingOnBehalfTicket[8];
NTSTATUS ExceptionCode; NTSTATUS ExceptionCode;
PVOID ActivationContextStackPointer; PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
ULONG_PTR InstrumentationCallbackSp; ULONG_PTR InstrumentationCallbackSp;
ULONG_PTR InstrumentationCallbackPreviousPc; ULONG_PTR InstrumentationCallbackPreviousPc;
ULONG_PTR InstrumentationCallbackPreviousSp; ULONG_PTR InstrumentationCallbackPreviousSp;
#ifdef _WIN64
ULONG TxFsContext; ULONG TxFsContext;
#endif
BOOLEAN InstrumentationCallbackDisabled; BOOLEAN InstrumentationCallbackDisabled;
#ifndef _WIN64
UCHAR SpareBytes[23];
ULONG TxFsContext;
#endif
GDI_TEB_BATCH GdiTebBatch; GDI_TEB_BATCH GdiTebBatch;
CLIENT_ID RealClientId; CLIENT_ID RealClientId;
HANDLE GdiCachedProcessHandle; HANDLE GdiCachedProcessHandle;