From 1c1270dc76b377ae61cb2e17d8074ab0ffe03efb Mon Sep 17 00:00:00 2001 From: "Mr. eXoDia" Date: Sun, 16 Mar 2014 12:56:55 +0100 Subject: [PATCH] - added undocumented structures - added lasterror to the thread list - fixed the thread list (now clears+updates) --- x64_dbg_bridge/bridgemain.cpp | 1 + x64_dbg_dbg/debugger.cpp | 2 +- x64_dbg_dbg/thread.cpp | 12 ++ x64_dbg_dbg/undocumented.h | 153 ++++++++++++++++++ x64_dbg_dbg/x64_dbg_dbg.vcxproj | 1 + x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters | 3 + .../Project/Src/BasicView/ThreadView.cpp | 2 +- 7 files changed, 172 insertions(+), 2 deletions(-) create mode 100644 x64_dbg_dbg/undocumented.h diff --git a/x64_dbg_bridge/bridgemain.cpp b/x64_dbg_bridge/bridgemain.cpp index 6e2e3bec..1e7ffa73 100644 --- a/x64_dbg_bridge/bridgemain.cpp +++ b/x64_dbg_bridge/bridgemain.cpp @@ -597,6 +597,7 @@ BRIDGE_IMPEXP void GuiUpdateAllViews() GuiUpdateDisassemblyView(); GuiUpdateBreakpointsView(); GuiUpdateDumpView(); + GuiUpdateThreadView(); } BRIDGE_IMPEXP void GuiUpdateRegisterView() diff --git a/x64_dbg_dbg/debugger.cpp b/x64_dbg_dbg/debugger.cpp index e8c32342..994dbca7 100644 --- a/x64_dbg_dbg/debugger.cpp +++ b/x64_dbg_dbg/debugger.cpp @@ -541,7 +541,6 @@ static void cbSystemBreakpoint(void* ExceptionData) //update GUI DebugUpdateGui(GetContextData(UE_CIP), true); GuiSetDebugState(paused); - GuiUpdateThreadView(); //lock lock(WAITID_RUN); bSkipExceptions=false; @@ -748,6 +747,7 @@ static DWORD WINAPI threadDebugLoop(void* lpParameter) //cleanup dbclose(); modclear(); + threadclear(); GuiSetDebugState(stopped); dputs("debugging stopped!"); varset("$hp", 0, true); diff --git a/x64_dbg_dbg/thread.cpp b/x64_dbg_dbg/thread.cpp index 89a9b172..927a1091 100644 --- a/x64_dbg_dbg/thread.cpp +++ b/x64_dbg_dbg/thread.cpp @@ -1,5 +1,7 @@ #include "thread.h" #include "console.h" +#include "undocumented.h" +#include "memory.h" static std::vector threadList; static int threadNum; 
@@ -41,6 +43,15 @@ static THREADWAITREASON GetThreadWaitReason(DWORD dwThreadId) return Executive; } +static DWORD GetThreadLastError(uint tebAddress) +{ + TEB teb; + memset(&teb, 0, sizeof(TEB)); + if(!memread(fdProcessInfo->hProcess, (void*)tebAddress, &teb, sizeof(TEB), 0)) + return 0; + return teb.LastErrorValue; +} + void threadgetlist(THREADLIST* list) { int count=threadList.size(); @@ -60,6 +71,7 @@ void threadgetlist(THREADLIST* list) ResumeThread(hThread); list->list[i].Priority=(THREADPRIORITY)GetThreadPriority(list->list[i].BasicInfo.hThread); list->list[i].WaitReason=GetThreadWaitReason(list->list[i].BasicInfo.dwThreadId); + list->list[i].LastError=GetThreadLastError(list->list[i].BasicInfo.ThreadLocalBase); } list->CurrentThread=currentThread; } \ No newline at end of file diff --git a/x64_dbg_dbg/undocumented.h b/x64_dbg_dbg/undocumented.h new file mode 100644 index 00000000..2ce9793c --- /dev/null +++ b/x64_dbg_dbg/undocumented.h 
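Review bot: GetThreadLastError folds a failed memread into the return value, so a thread whose TEB could not be read reports 0 exactly like a thread whose last error really is ERROR_SUCCESS, and the read copies the whole declared TEB (sizeof(TEB) — a few kilobytes given GlDispatchTable[0x118], TlsSlots[0x40] and StaticUnicodeBuffer[0x105]) out of the debuggee to reach one ULONG. Reading just the field keeps the access inside the TEB's first page and drops the large stack buffer: `ULONG lastError = 0;` / `if(!memread(fdProcessInfo->hProcess, (void*)(tebAddress + offsetof(TEB, LastErrorValue)), &lastError, sizeof(lastError), 0)) return 0;` / `return lastError;` (offsetof needs `<cstddef>`). If the thread view should distinguish "unreadable" from "no error", the failure has to be surfaced separately (a bool with an out parameter) rather than encoded as 0. The offset is only meaningful if the declared TEB matches the target bitness up to LastErrorValue, which is worth a static_assert or at least a comment next to the struct; threadgetlist, touched by the second hunk, continues outside the hunk.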
@@ -0,0 +1,153 @@
+#include
+
+//Thanks to: https://github.com/zer0fl4g/Nanomite
+
+typedef struct _UNICODE_STRING
+{
+ USHORT Length;
+ USHORT MaximumLength;
+ PWSTR Buffer;
+} UNICODE_STRING;
+
+typedef struct _CLIENT_ID
+{
+ HANDLE UniqueProcess;
+ HANDLE UniqueThread;
+} CLIENT_ID;
+
+typedef struct _PEB
+{
+ BYTE InheritedAddressSpace;
+ BYTE ReadImageFileExecOptions;
+ BYTE BeingDebugged;
+ BYTE SpareBool;
+ DWORD Mutant;
+ DWORD ImageBaseAddress;
+ DWORD LoaderData;
+ DWORD ProcessParameters;
+ DWORD SubSystemData;
+ DWORD ProcessHeap;
+ DWORD FastPebLock;
+ DWORD FastPebLockRoutine;
+ DWORD FastPebUnlockRoutine;
+ DWORD EnviromentUpdateCount;
+ DWORD KernelCallbackTable;
+ DWORD UserSharedInfoPtr;
+ DWORD ThunksOrOptions;
+ DWORD FreeList;
+ DWORD TlsExpansionCounter;
+ DWORD TlsBitmap;
+ DWORD TlsBitmapBits[2];
+ DWORD ReadOnlySharedMemoryBase;
+ DWORD ReadOnlySharedMemoryHeap;
+ DWORD ReadOnlyStaticServerData;
+ DWORD AnsiCodePageData;
+ DWORD OemCodePageData;
+ DWORD UnicodeCaseTableData;
+ DWORD NumberOfProcessors;
+ DWORD NtGlobalFlag;
+ DWORD Reserved;
+ LARGE_INTEGER CriticalSectionTimeout;
+ DWORD HeapSegmentReserve;
+ DWORD HeapSegmentCommit;
+ DWORD HeapDeCommitTotalFreeThreshold;
+ DWORD HeapDeCommitFreeBlockThreshold;
+ DWORD NumberOfHeaps;
+ DWORD MaximumNumberOfHeaps;
+ DWORD ProcessHeaps;
+ DWORD GdiSharedHandleTable;
+ DWORD ProcessStarterHelper;
+ DWORD GdiDCAttributeList;
+ DWORD LoaderLock;
+ DWORD OSMajorVersion;
+ DWORD OSMinorVersion;
+ WORD OSBuildNumber;
+ WORD OSCSDVersion;
+ DWORD OSPlatformId;
+ DWORD ImageSubsystem;
+ DWORD ImageSubsystemMajorVersion;
+ DWORD ImageSubsystemMinorVersion;
+ DWORD ImageProcessAffinityMask;
+ DWORD GdiHandleBuffer[34];
+ DWORD PostProcessInitRoutine;
+ DWORD TlsExpansionBitmap;
+ DWORD TlsExpansionBitmapBits[32];
+ DWORD SessionId;
+ ULARGE_INTEGER AppCompatFlags;
+ ULARGE_INTEGER AppCompatFlagsUser;
+ DWORD pShimData;
+ DWORD AppCompatInfo;
+ UNICODE_STRING CSDVersion;
+ DWORD ActivationContextData;
+ DWORD ProcessAssemblyStorageMap;
+ DWORD SystemDefaultActivationContextData;
+ DWORD SystemAssemblyStorageMap;
+ DWORD MinimumStackCommit;
+ DWORD FlsCallback;
+ DWORD FlsListHead_Flink;
+ DWORD FlsListHead_Blink;
+ DWORD FlsBitmap;
+ DWORD FlsBitmapBits[4];
+ DWORD FlsHighIndex;
+} PEB, *PPEB;
+
+typedef struct _TEB
+{
+ NT_TIB Tib;
+ PVOID EnvironmentPointer;
+ CLIENT_ID Cid;
+ PVOID ActiveRpcInfo;
+ PVOID ThreadLocalStoragePointer;
+ PPEB Peb;
+ ULONG LastErrorValue;
+ ULONG CountOfOwnedCriticalSections;
+ PVOID CsrClientThread;
+ PVOID Win32ThreadInfo;
+ ULONG Win32ClientInfo[0x1F];
+ PVOID WOW32Reserved;
+ ULONG CurrentLocale;
+ ULONG FpSoftwareStatusRegister;
+ PVOID SystemReserved1[0x36];
+ PVOID Spare1;
+ ULONG ExceptionCode;
+ ULONG SpareBytes1[0x28];
+ PVOID SystemReserved2[0xA];
+ ULONG GdiRgn;
+ ULONG GdiPen;
+ ULONG GdiBrush;
+ CLIENT_ID RealClientId;
+ PVOID GdiCachedProcessHandle;
+ ULONG GdiClientPID;
+ ULONG GdiClientTID;
+ PVOID GdiThreadLocaleInfo;
+ PVOID UserReserved[5];
+ PVOID GlDispatchTable[0x118];
+ ULONG GlReserved1[0x1A];
+ PVOID GlReserved2;
+ PVOID GlSectionInfo;
+ PVOID GlSection;
+ PVOID GlTable;
+ PVOID GlCurrentRC;
+ PVOID GlContext;
+ NTSTATUS LastStatusValue;
+ UNICODE_STRING StaticUnicodeString;
+ WCHAR StaticUnicodeBuffer[0x105];
+ PVOID DeallocationStack;
+ PVOID TlsSlots[0x40];
+ LIST_ENTRY TlsLinks;
+ PVOID Vdm;
+ PVOID ReservedForNtRpc;
+ PVOID DbgSsReserved[0x2];
+ ULONG HardErrorDisabled;
+ PVOID Instrumentation[0x10];
+ PVOID WinSockData;
+ ULONG GdiBatchCount;
+ ULONG Spare2;
+ ULONG Spare3;
+ ULONG Spare4;
+ PVOID ReservedForOle;
+ ULONG WaitingOnLoaderLock;
+ PVOID StackCommit;
+ PVOID StackCommitMax;
+ PVOID StackReserved;
+} TEB, *PTEB;
diff --git a/x64_dbg_dbg/x64_dbg_dbg.vcxproj b/x64_dbg_dbg/x64_dbg_dbg.vcxproj
index 0089ddfb..9dc1712b 100644
--- a/x64_dbg_dbg/x64_dbg_dbg.vcxproj
+++ b/x64_dbg_dbg/x64_dbg_dbg.vcxproj
@@ -60,6 +60,7 @@ + 
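Review bot: undocumented.h has no include guard, so a second inclusion in any translation unit redefines UNICODE_STRING, CLIENT_ID, PEB and TEB, and the struct tags `_UNICODE_STRING`, `_PEB` and `_TEB` are the same ones winternl.h declares, which will clash if that header is ever pulled into the same unit; add `#pragma once` as the first line (the tree builds with vcxproj, so it is supported). Separately, `_PEB` declares every pointer-sized member as DWORD, which is the x86 layout only, while this tree also builds for _WIN64 (ThreadView.cpp's `#endif //_WIN64`); nothing in the commit uses PEB, but leaving an unmarked wrong-for-x64 definition in a shared header invites a bad read later, so either wrap it in `#ifndef _WIN64` or note it with `// x86 layout only: pointer fields are DWORD, offsets are wrong on _WIN64`. `_TEB` mixes PVOID and ULONG, so its size and the offsets past LastErrorValue change with bitness and only LastErrorValue is consumed by this commit; a comment stating that only the members up to LastErrorValue have been checked against the target would keep the next user from trusting the rest.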
diff --git a/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters b/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters index b80df704..efdfb4e6 100644 --- a/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters +++ b/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters @@ -179,5 +179,8 @@ Header Files + + Header Files + \ No newline at end of file diff --git a/x64_dbg_gui/Project/Src/BasicView/ThreadView.cpp b/x64_dbg_gui/Project/Src/BasicView/ThreadView.cpp index a36adf2a..1bf8adcd 100644 --- a/x64_dbg_gui/Project/Src/BasicView/ThreadView.cpp +++ b/x64_dbg_gui/Project/Src/BasicView/ThreadView.cpp @@ -13,7 +13,7 @@ ThreadView::ThreadView(StdTable *parent) : StdTable(parent) addColumnAt(8+charwidth*sizeof(uint_t)*2, "EIP", false); #endif //_WIN64 addColumnAt(8+charwidth*14, "Suspend Count", false); - addColumnAt(8+charwidth*20, "Priority", false); + addColumnAt(8+charwidth*12, "Priority", false); addColumnAt(8+charwidth*16, "WaitReason", false); addColumnAt(8+charwidth*10, "LastError", false); addColumnAt(0, "", false);