
omega_red 08-19-2004 21:15

PEB ProcessParameters on different OSes
 
Does anyone know if the ProcessParameters (RTL_USER_PROCESS_PARAMETERS) member of PEB (PEB+10h) has the same structure on different OSes (NT/2k/XP/2k3)? I don't want my code to break with false assumptions ;)

On 2k it's like this:
Code:

typedef struct _RTL_USER_PROCESS_PARAMETERS {
        ULONG MaximumLength;
        ULONG Length;
        ULONG Flags;
        ULONG DebugFlags;
        PVOID ConsoleHandle;
        ULONG ConsoleFlags;
        HANDLE StdInputHandle;
        HANDLE StdOutputHandle;
        HANDLE StdErrorHandle;
        UNICODE_STRING CurrentDirectoryPath;
        HANDLE CurrentDirectoryHandle;
        UNICODE_STRING DllPath;
        UNICODE_STRING ImagePathName;
        UNICODE_STRING CommandLine;
        PVOID Environment;
        ULONG StartingPositionLeft;
        ULONG StartingPositionTop;
        ULONG Width;
        ULONG Height;
        ULONG CharWidth;
        ULONG CharHeight;
        ULONG ConsoleTextAttributes;
        ULONG WindowFlags;
        ULONG ShowWindowFlags;
        UNICODE_STRING WindowTitle;
        UNICODE_STRING DesktopName;
        UNICODE_STRING ShellInfo;
        UNICODE_STRING RuntimeData;
        RTL_DRIVE_LETTER_CURDIR DLCurrentDirectory[0x20];
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;


Opc0de 08-20-2004 01:55

Using WinDBG on my box (Windows XP SP1):

Code:

lkd> dt _RTL_USER_PROCESS_PARAMETERS
  +0x000 MaximumLength    : Uint4B
  +0x004 Length          : Uint4B
  +0x008 Flags            : Uint4B
  +0x00c DebugFlags      : Uint4B
  +0x010 ConsoleHandle    : Ptr32 Void
  +0x014 ConsoleFlags    : Uint4B
  +0x018 StandardInput    : Ptr32 Void
  +0x01c StandardOutput  : Ptr32 Void
  +0x020 StandardError    : Ptr32 Void
  +0x024 CurrentDirectory : _CURDIR
  +0x030 DllPath          : _UNICODE_STRING
  +0x038 ImagePathName    : _UNICODE_STRING
  +0x040 CommandLine      : _UNICODE_STRING
  +0x048 Environment      : Ptr32 Void
  +0x04c StartingX        : Uint4B
  +0x050 StartingY        : Uint4B
  +0x054 CountX          : Uint4B
  +0x058 CountY          : Uint4B
  +0x05c CountCharsX      : Uint4B
  +0x060 CountCharsY      : Uint4B
  +0x064 FillAttribute    : Uint4B
  +0x068 WindowFlags      : Uint4B
  +0x06c ShowWindowFlags  : Uint4B
  +0x070 WindowTitle      : _UNICODE_STRING
  +0x078 DesktopInfo      : _UNICODE_STRING
  +0x080 ShellInfo        : _UNICODE_STRING
  +0x088 RuntimeData      : _UNICODE_STRING
  +0x090 CurrentDirectores : [32] _RTL_DRIVE_LETTER_CURDIR
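
The comparison the two posts invite, as an added example that is not part of either post: the 2k declaration is rebuilt with fixed-width 32-bit types and its computed offsets are checked against the XP SP1 `dt` offsets. The names `PTR32`, `USTR32`, `RUPP_2K_X86` and `count_layout_mismatches` are hypothetical, and the drive-letter array is left out so that only its starting offset is checked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names: x86 layout modelled with fixed-width types so the
   check gives the same answer on a 32-bit or 64-bit build host. */
typedef uint32_t PTR32;   /* PVOID / HANDLE on 32-bit Windows */
typedef struct { uint16_t Length, MaximumLength; PTR32 Buffer; } USTR32;

typedef struct {          /* field order and names from the 2k post */
    uint32_t MaximumLength, Length, Flags, DebugFlags;
    PTR32    ConsoleHandle;
    uint32_t ConsoleFlags;
    PTR32    StdInputHandle, StdOutputHandle, StdErrorHandle;
    USTR32   CurrentDirectoryPath;    /* XP dump shows path + handle */
    PTR32    CurrentDirectoryHandle;  /* as one 12-byte _CURDIR      */
    USTR32   DllPath, ImagePathName, CommandLine;
    PTR32    Environment;
    uint32_t StartingPositionLeft, StartingPositionTop, Width, Height;
    uint32_t CharWidth, CharHeight, ConsoleTextAttributes;
    uint32_t WindowFlags, ShowWindowFlags;
    USTR32   WindowTitle, DesktopName, ShellInfo, RuntimeData;
    /* DLCurrentDirectory[0x20] starts here; sizeof() gives its offset */
} RUPP_2K_X86;

#define F(m, xp) { #m, offsetof(RUPP_2K_X86, m), (xp) }
static const struct { const char *name; size_t w2k, xp; } fields[] = {
    /* second column: offsets copied from the XP SP1 dt output */
    F(ConsoleHandle, 0x010), F(StdInputHandle, 0x018),
    F(CurrentDirectoryPath, 0x024), F(DllPath, 0x030),
    F(ImagePathName, 0x038), F(CommandLine, 0x040),
    F(Environment, 0x048), F(StartingPositionLeft, 0x04c),
    F(ShowWindowFlags, 0x06c), F(WindowTitle, 0x070),
    F(DesktopName, 0x078), F(RuntimeData, 0x088),
    { "DLCurrentDirectory", sizeof(RUPP_2K_X86), 0x090 },
};

/* Number of fields whose 2k-derived offset differs from the XP dump. */
int count_layout_mismatches(void) {
    int bad = 0;
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        int ok = fields[i].w2k == fields[i].xp;
        printf("%-22s 2k=+0x%03zx xp=+0x%03zx %s\n", fields[i].name,
               fields[i].w2k, fields[i].xp, ok ? "same" : "DIFFERENT");
        bad += !ok;
    }
    return bad;
}

int main(void) { return count_layout_mismatches() ? 1 : 0; }
```

This only covers the two 32-bit layouts shown in the thread; member names differ between the two listings even where the offsets agree.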


