2 楼
lkd> dt _KPROCESS
+0x000 Header : _DISPATCHER_HEADER
+0x010 ProfileListHead : _LIST_ENTRY
+0x018 DirectoryTableBase : [2] Uint4B
+0x020 LdtDescriptor : _KGDTENTRY
+0x028 Int21Descriptor : _KIDTENTRY
+0x030 IopmOffset : Uint2B
+0x032 Iopl : UChar
+0x033 Unused : UChar
+0x034 ActiveProcessors : Uint4B
+0x038 KernelTime : Uint4B
+0x03c UserTime : Uint4B
+0x040 ReadyListHead : _LIST_ENTRY
+0x048 SwapListEntry : _SINGLE_LIST_ENTRY
+0x04c VdmTrapcHandler : Ptr32 Void
+0x050 ThreadListHead : _LIST_ENTRY
+0x058 ProcessLock : Uint4B
+0x05c Affinity : Uint4B
+0x060 StackCount : Uint2B
+0x062 BasePriority : Char
+0x063 ThreadQuantum : Char
+0x064 AutoAlignment : UChar
+0x065 State : UChar
+0x066 ThreadSeed : UChar
+0x067 DisableBoost : UChar
+0x068 PowerState : UChar
+0x069 DisableQuantum : UChar
+0x06a IdealNode : UChar
+0x06b Flags : _KEXECUTE_OPTIONS
+0x06b ExecuteOptions : UChar
你也可以在DDK中搜索
3 楼
谢谢楼上的,我想知道的是,这样的结构到底有没有被windows公开,如果有,是在哪个头文件中。因为这个结构本身又包含了其他的结构,在定义的同时还要定义其他的结构,一层层嵌套下去,很麻烦的。
4 楼
似乎没有公开。
你可以去WRK里找
我喜欢用硬编码~
5 楼
Windows Server 2003 SP2:
/*
 * _KPROCESS layout as posted for Windows Server 2003 SP2 (heading above this
 * listing). 32-bit layout: the pointer at 0x04C occupies 4 bytes.
 *
 * Each member is prefixed with its byte offset from the start of the
 * structure; the trailing comments give the member count and sizeof of
 * nested types.
 *
 * Caveats for anyone copying this into a driver or a memory-forensics tool:
 *  - The thread says this structure does not appear to be published, and the
 *    three listings on this page differ in size (0x6C, 0x78, 0x80) and in
 *    field placement, so these offsets are valid only for the build they
 *    were dumped from. Offset 0x060 is ProcessFlags here but StackCount in
 *    the XP SP2 listing; a hard-coded offset used on the wrong build reads
 *    or writes a different field.
 *  - The listing is not self-contained: _DISPATCHER_HEADER, _LIST_ENTRY,
 *    _KGDTENTRY, _KIDTENTRY, _SINGLE_LIST_ENTRY and _KEXECUTE_OPTIONS must
 *    be defined with matching sizes. A compile-time check such as
 *    C_ASSERT(sizeof(KPROCESS) == 0x78) plus FIELD_OFFSET checks on a few
 *    members catches a mismatched nested definition.
 *  - All three listings on this page declare the same names (KPROCESS,
 *    PKPROCESS), so only one of them can be used per translation unit.
 */
typedef struct _KPROCESS // 33 elements, 0x78 bytes (sizeof)
{
/*0x000*/ struct _DISPATCHER_HEADER Header; // 10 elements, 0x10 bytes (sizeof)
/*0x010*/ struct _LIST_ENTRY ProfileListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x018*/ ULONG32 DirectoryTableBase[2];
/*0x020*/ struct _KGDTENTRY LdtDescriptor; // 3 elements, 0x8 bytes (sizeof)
/*0x028*/ struct _KIDTENTRY Int21Descriptor; // 4 elements, 0x8 bytes (sizeof)
/*0x030*/ UINT16 IopmOffset;
/*0x032*/ UINT8 Iopl;
/*0x033*/ UINT8 Unused;
/*0x034*/ ULONG32 ActiveProcessors;
/*0x038*/ ULONG32 KernelTime;
/*0x03C*/ ULONG32 UserTime;
/*0x040*/ struct _LIST_ENTRY ReadyListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x048*/ struct _SINGLE_LIST_ENTRY SwapListEntry; // 1 elements, 0x4 bytes (sizeof)
/*0x04C*/ VOID* VdmTrapcHandler;
/*0x050*/ struct _LIST_ENTRY ThreadListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x058*/ ULONG32 ProcessLock;
/*0x05C*/ ULONG32 Affinity;
// The bit-field view and ProcessFlags name the same 4 bytes at 0x060.
// In the XP SP2 listing these three flags are separate UINT8 members instead.
union // 2 elements, 0x4 bytes (sizeof)
{
struct // 4 elements, 0x4 bytes (sizeof)
{
/*0x060*/ LONG32 AutoAlignment : 1; // 0 BitPosition
/*0x060*/ LONG32 DisableBoost : 1; // 1 BitPosition
/*0x060*/ LONG32 DisableQuantum : 1; // 2 BitPosition
/*0x060*/ LONG32 ReservedFlags : 29; // 3 BitPosition
};
/*0x060*/ LONG32 ProcessFlags;
};
/*0x064*/ CHAR BasePriority;
/*0x065*/ CHAR QuantumReset;
/*0x066*/ UINT8 State;
/*0x067*/ UINT8 ThreadSeed;
/*0x068*/ UINT8 PowerState;
/*0x069*/ UINT8 IdealNode;
/*0x06A*/ UINT8 Visited;
// Flags (structured view) and ExecuteOptions (raw byte) alias the single byte at 0x06B.
// NOTE(review): _KEXECUTE_OPTIONS is not defined in this listing; take its bit
// meanings from the symbols of the matching build.
union // 2 elements, 0x1 bytes (sizeof)
{
/*0x06B*/ struct _KEXECUTE_OPTIONS Flags; // 7 elements, 0x1 bytes (sizeof)
/*0x06B*/ UINT8 ExecuteOptions;
};
// StackCount is a 32-bit field at 0x06C here; the XP SP2 listing has it as UINT16 at 0x060.
/*0x06C*/ ULONG32 StackCount;
// ProcessListEntry is absent from the XP SP2 listing on this page.
/*0x070*/ struct _LIST_ENTRY ProcessListEntry; // 2 elements, 0x8 bytes (sizeof)
}KPROCESS, *PKPROCESS;
Windows XP SP2:
/*
 * _KPROCESS layout as posted for Windows XP SP2 (heading above this listing).
 * 32-bit layout: the pointer at 0x04C occupies 4 bytes. The offsets and
 * member names agree field for field with the `lkd> dt _KPROCESS` output
 * quoted earlier on this page.
 *
 * Each member is prefixed with its byte offset from the start of the
 * structure; the trailing comments give the member count and sizeof of
 * nested types.
 *
 * Caveats for anyone copying this into a driver or a memory-forensics tool:
 *  - These offsets are valid only for the build they were dumped from. The
 *    Server 2003 SP2 and Vista/2008 listings on this page are larger (0x78
 *    and 0x80 bytes) and place ProcessFlags at 0x060, where this layout has
 *    StackCount; a hard-coded offset used on the wrong build reads or writes
 *    a different field.
 *  - The listing is not self-contained: _DISPATCHER_HEADER, _LIST_ENTRY,
 *    _KGDTENTRY, _KIDTENTRY, _SINGLE_LIST_ENTRY and _KEXECUTE_OPTIONS must
 *    be defined with matching sizes. A compile-time check such as
 *    C_ASSERT(sizeof(KPROCESS) == 0x6C) plus FIELD_OFFSET checks on a few
 *    members catches a mismatched nested definition.
 *  - All three listings on this page declare the same names (KPROCESS,
 *    PKPROCESS), so only one of them can be used per translation unit.
 */
typedef struct _KPROCESS // 29 elements, 0x6C bytes (sizeof)
{
/*0x000*/ struct _DISPATCHER_HEADER Header; // 6 elements, 0x10 bytes (sizeof)
/*0x010*/ struct _LIST_ENTRY ProfileListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x018*/ ULONG32 DirectoryTableBase[2];
/*0x020*/ struct _KGDTENTRY LdtDescriptor; // 3 elements, 0x8 bytes (sizeof)
/*0x028*/ struct _KIDTENTRY Int21Descriptor; // 4 elements, 0x8 bytes (sizeof)
/*0x030*/ UINT16 IopmOffset;
/*0x032*/ UINT8 Iopl;
/*0x033*/ UINT8 Unused;
/*0x034*/ ULONG32 ActiveProcessors;
/*0x038*/ ULONG32 KernelTime;
/*0x03C*/ ULONG32 UserTime;
/*0x040*/ struct _LIST_ENTRY ReadyListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x048*/ struct _SINGLE_LIST_ENTRY SwapListEntry; // 1 elements, 0x4 bytes (sizeof)
/*0x04C*/ VOID* VdmTrapcHandler;
/*0x050*/ struct _LIST_ENTRY ThreadListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x058*/ ULONG32 ProcessLock;
/*0x05C*/ ULONG32 Affinity;
// StackCount is a 16-bit field at 0x060 in this build; the other two listings
// on this page have a 32-bit StackCount at 0x06C.
/*0x060*/ UINT16 StackCount;
/*0x062*/ CHAR BasePriority;
/*0x063*/ CHAR ThreadQuantum;
// AutoAlignment, DisableBoost and DisableQuantum are whole-byte members here;
// the other two listings pack them as 1-bit fields inside ProcessFlags.
/*0x064*/ UINT8 AutoAlignment;
/*0x065*/ UINT8 State;
/*0x066*/ UINT8 ThreadSeed;
/*0x067*/ UINT8 DisableBoost;
/*0x068*/ UINT8 PowerState;
/*0x069*/ UINT8 DisableQuantum;
/*0x06A*/ UINT8 IdealNode;
// Flags (structured view) and ExecuteOptions (raw byte) alias the single byte at 0x06B,
// which is also the last byte of the structure in this build.
// NOTE(review): _KEXECUTE_OPTIONS is not defined in this listing; take its bit
// meanings from the symbols of the matching build.
union // 2 elements, 0x1 bytes (sizeof)
{
/*0x06B*/ struct _KEXECUTE_OPTIONS Flags; // 7 elements, 0x1 bytes (sizeof)
/*0x06B*/ UINT8 ExecuteOptions;
};
}KPROCESS, *PKPROCESS;
Windows Vista/2008:
/*
 * _KPROCESS layout as posted for Windows Vista/2008 (heading above this
 * listing). 32-bit layout: the pointer at 0x04C occupies 4 bytes.
 *
 * Each member is prefixed with its byte offset from the start of the
 * structure; the trailing comments give the member count and sizeof of
 * nested types.
 *
 * Caveats for anyone copying this into a driver or a memory-forensics tool:
 *  - These offsets are valid only for the build they were dumped from. The
 *    XP SP2 and Server 2003 SP2 listings on this page are smaller (0x6C and
 *    0x78 bytes), and the XP SP2 one has StackCount at 0x060 where this
 *    layout has ProcessFlags; a hard-coded offset used on the wrong build
 *    reads or writes a different field.
 *  - The listing is not self-contained: _DISPATCHER_HEADER, _LIST_ENTRY,
 *    _KGDTENTRY, _KIDTENTRY, _SINGLE_LIST_ENTRY and _KEXECUTE_OPTIONS must
 *    be defined with matching sizes. A compile-time check such as
 *    C_ASSERT(sizeof(KPROCESS) == 0x80) plus FIELD_OFFSET checks on a few
 *    members catches a mismatched nested definition.
 *  - All three listings on this page declare the same names (KPROCESS,
 *    PKPROCESS), so only one of them can be used per translation unit.
 */
typedef struct _KPROCESS // 35 elements, 0x80 bytes (sizeof)
{
/*0x000*/ struct _DISPATCHER_HEADER Header; // 13 elements, 0x10 bytes (sizeof)
/*0x010*/ struct _LIST_ENTRY ProfileListHead; // 2 elements, 0x8 bytes (sizeof)
// The other two listings declare DirectoryTableBase as ULONG32[2] covering 0x018-0x01F;
// here it is a single ULONG32 followed by Unused0.
/*0x018*/ ULONG32 DirectoryTableBase;
/*0x01C*/ ULONG32 Unused0;
/*0x020*/ struct _KGDTENTRY LdtDescriptor; // 3 elements, 0x8 bytes (sizeof)
/*0x028*/ struct _KIDTENTRY Int21Descriptor; // 4 elements, 0x8 bytes (sizeof)
/*0x030*/ UINT16 IopmOffset;
// 0x032 is named Iopl and 0x033 Unused in the other two listings.
/*0x032*/ UINT8 Unused1;
/*0x033*/ UINT8 Unused2;
/*0x034*/ ULONG32 ActiveProcessors;
/*0x038*/ ULONG32 KernelTime;
/*0x03C*/ ULONG32 UserTime;
/*0x040*/ struct _LIST_ENTRY ReadyListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x048*/ struct _SINGLE_LIST_ENTRY SwapListEntry; // 1 elements, 0x4 bytes (sizeof)
/*0x04C*/ VOID* VdmTrapcHandler;
/*0x050*/ struct _LIST_ENTRY ThreadListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x058*/ ULONG32 ProcessLock;
/*0x05C*/ ULONG32 Affinity;
// The bit-field view and ProcessFlags name the same 4 bytes at 0x060.
union // 2 elements, 0x4 bytes (sizeof)
{
struct // 4 elements, 0x4 bytes (sizeof)
{
/*0x060*/ LONG32 AutoAlignment : 1; // 0 BitPosition
/*0x060*/ LONG32 DisableBoost : 1; // 1 BitPosition
/*0x060*/ LONG32 DisableQuantum : 1; // 2 BitPosition
/*0x060*/ LONG32 ReservedFlags : 29; // 3 BitPosition
};
/*0x060*/ LONG32 ProcessFlags;
};
/*0x064*/ CHAR BasePriority;
/*0x065*/ CHAR QuantumReset;
/*0x066*/ UINT8 State;
/*0x067*/ UINT8 ThreadSeed;
/*0x068*/ UINT8 PowerState;
/*0x069*/ UINT8 IdealNode;
/*0x06A*/ UINT8 Visited;
// Flags (structured view) and ExecuteOptions (raw byte) alias the single byte at 0x06B.
// _KEXECUTE_OPTIONS is reported with 8 elements here versus 7 in the other two
// listings, so its definition is build-specific as well.
union // 2 elements, 0x1 bytes (sizeof)
{
/*0x06B*/ struct _KEXECUTE_OPTIONS Flags; // 8 elements, 0x1 bytes (sizeof)
/*0x06B*/ UINT8 ExecuteOptions;
};
/*0x06C*/ ULONG32 StackCount;
/*0x070*/ struct _LIST_ENTRY ProcessListEntry; // 2 elements, 0x8 bytes (sizeof)
// CycleTime appears only in this listing; it accounts for the growth from 0x78 to 0x80 bytes.
/*0x078*/ UINT64 CycleTime;
}KPROCESS, *PKPROCESS;
6 楼
呵呵~~楼上给的真详细
7 楼
谢谢5楼的兄弟
8 楼
好东西,前一段时间找没有找到