PEB
Process Environment Block. Microsoft's documentation of this is incomplete; the fields here are taken from various resources including:
Fields
- Ldr:*PEB_LDR_DATA
- ProcessParameters:*RTL_USER_PROCESS_PARAMETERS
- FastPebLock:*RTL_CRITICAL_SECTION
- CrossProcessFlags:ULONG
  - See https://www.geoffchappell.com/studies/windows/win32/ntdll/structs/peb/crossprocessflags.htm
- union1:extern union { KernelCallbackTable: PVOID, UserSharedInfoPtr: PVOID, }
- TlsBitmap:*RTL_BITMAP
- TlsBitmapBits:[2]ULONG
- ReadOnlyStaticServerData:*PVOID
- ProcessHeaps:*PVOID
- LoaderLock:*RTL_CRITICAL_SECTION
- GdiHandleBuffer:[ switch (@sizeOf(usize)) { 4 => 0x22, 8 => 0x3C, else => unreachable, } ]ULONG
- TlsExpansionBitmap:*RTL_BITMAP
- TlsExpansionBitmapBits:[32]ULONG
- ActivationContextData:*const ACTIVATION_CONTEXT_DATA
- ProcessAssemblyStorageMap:*ASSEMBLY_STORAGE_MAP
- SystemDefaultActivationData:*const ACTIVATION_CONTEXT_DATA
- SystemAssemblyStorageMap:*ASSEMBLY_STORAGE_MAP
- FlsCallback:*FLS_CALLBACK_INFO
- FlsBitmap:*RTL_BITMAP
- FlsBitmapBits:[4]ULONG
- TracingFlags:ULONG
  - TODO: https://www.geoffchappell.com/studies/windows/win32/ntdll/structs/peb/tracingflags.htm
- WaitOnAddressHashTable:[0x80]PVOID