지난번 TEB에 이어 이번에는 PEB에 대한 자료를 업데이트합니다.
PEB는 Process Environment Block의 약자로, Windows Kernel에서 Process에 대한 환경 정보를 담고 있는 구조체입니다. 아래 구조체에서 각 필드 오른쪽 주석의 16진수 값은 구조체 시작 기준 오프셋입니다.

 
/*
 * PEB (Process Environment Block): per-process structure holding process-wide
 * environment information.
 *
 * The trailing comment on each field is its byte offset from the start of the
 * structure, in hex. Those offsets are consistent with 4-byte pointers and
 * handles (Mutant at 04, ImageBaseAddress at 08), i.e. a 32-bit layout; a
 * 64-bit process uses different offsets. The layout is also version-dependent,
 * so verify field offsets against symbols for the exact Windows build before
 * relying on them.
 *
 * NOTE(review): the PEB is mapped in the process's own user-mode address space
 * and the process can write to it. Values read from it (BeingDebugged,
 * NtGlobalFlag, the data behind ProcessParameters and LdrData) are therefore
 * self-reported. Detection and forensic tooling should cross-check them
 * against kernel-sourced data rather than treat them as authoritative.
 */
typedef struct _PEB {
  BOOLEAN                   InheritedAddressSpace;          /*  00 */
  BOOLEAN                   ReadImageFileExecOptions;       /*  01 */
  /* Debugger-attached flag; this is the value IsDebuggerPresent() reports. */
  BOOLEAN                   BeingDebugged;                  /*  02 */
  BOOLEAN                   SpareBool;                      /*  03 */
  HANDLE                    Mutant;                         /*  04 */
  HMODULE                   ImageBaseAddress;               /*  08 */
  /* Loader bookkeeping (PEB_LDR_DATA), including the lists of loaded modules. */
  PPEB_LDR_DATA             LdrData;                        /*  0c */
  /* Process start-up parameters, such as image path, command line and environment. */
  RTL_USER_PROCESS_PARAMETERS *ProcessParameters;           /*  10 */
  PVOID                     SubSystemData;                  /*  14 */
  HANDLE                    ProcessHeap;                    /*  18 */
  PRTL_CRITICAL_SECTION     FastPebLock;                    /*  1c */
  PVOID /*PPEBLOCKROUTINE*/ FastPebLockRoutine;             /*  20 */
  PVOID /*PPEBLOCKROUTINE*/ FastPebUnlockRoutine;           /*  24 */
  ULONG                     EnvironmentUpdateCount;         /*  28 */
  /* Pointer to a table of user-mode callback routines; an unexpected target
   * here is worth flagging during memory analysis. */
  PVOID                     KernelCallbackTable;            /*  2c */
  PVOID                     EventLogSection;                /*  30 */
  PVOID                     EventLog;                       /*  34 */
  PVOID /*PPEB_FREE_BLOCK*/ FreeList;                       /*  38 */
  ULONG                     TlsExpansionCounter;            /*  3c */
  PRTL_BITMAP               TlsBitmap;                      /*  40 */
  ULONG                     TlsBitmapBits[2];               /*  44 */
  PVOID                     ReadOnlySharedMemoryBase;       /*  4c */
  PVOID                     ReadOnlySharedMemoryHeap;       /*  50 */
  PVOID                    *ReadOnlyStaticServerData;       /*  54 */
  PVOID                     AnsiCodePageData;               /*  58 */
  PVOID                     OemCodePageData;                /*  5c */
  PVOID                     UnicodeCaseTableData;           /*  60 */
  ULONG                     NumberOfProcessors;             /*  64 */
  /* Per-process global flags; heap-debugging flags are commonly set here when
   * a process is started under a debugger. */
  ULONG                     NtGlobalFlag;                   /*  68 */
  /* Padding: keeps the following 8-byte LARGE_INTEGER at offset 70. */
  BYTE                      Spare2[4];                      /*  6c */
  LARGE_INTEGER             CriticalSectionTimeout;         /*  70 */
  ULONG                     HeapSegmentReserve;             /*  78 */
  ULONG                     HeapSegmentCommit;              /*  7c */
  ULONG                     HeapDeCommitTotalFreeThreshold; /*  80 */
  ULONG                     HeapDeCommitFreeBlockThreshold; /*  84 */
  ULONG                     NumberOfHeaps;                  /*  88 */
  ULONG                     MaximumNumberOfHeaps;           /*  8c */
  PVOID                    *ProcessHeaps;                   /*  90 */
  PVOID                     GdiSharedHandleTable;           /*  94 */
  PVOID                     ProcessStarterHelper;           /*  98 */
  PVOID                     GdiDCAttributeList;             /*  9c */
  PVOID                     LoaderLock;                     /*  a0 */
  ULONG                     OSMajorVersion;                 /*  a4 */
  ULONG                     OSMinorVersion;                 /*  a8 */
  ULONG                     OSBuildNumber;                  /*  ac */
  ULONG                     OSPlatformId;                   /*  b0 */
  ULONG                     ImageSubSystem;                 /*  b4 */
  ULONG                     ImageSubSystemMajorVersion;     /*  b8 */
  ULONG                     ImageSubSystemMinorVersion;     /*  bc */
  ULONG                     ImageProcessAffinityMask;       /*  c0 */
  /* 34 ULONGs = 0x88 bytes, which is why the next field sits at offset 14c. */
  ULONG                     GdiHandleBuffer[34];            /*  c4 */
  /* NOTE(review): declared as ULONG here although the name suggests a routine
   * address; this only fits a 32-bit layout. Confirm against the target headers. */
  ULONG                     PostProcessInitRoutine;         /* 14c */
  PRTL_BITMAP               TlsExpansionBitmap;             /* 150 */
  ULONG                     TlsExpansionBitmapBits[32];     /* 154 */
  ULONG                     SessionId;                      /* 1d4 */
  ULARGE_INTEGER            AppCompatFlags;                 /* 1d8 */
  ULARGE_INTEGER            AppCompatFlagsUser;             /* 1e0 */
  PVOID                     ShimData;                       /* 1e8 */
  PVOID                     AppCompatInfo;                  /* 1ec */
  UNICODE_STRING            CSDVersion;                     /* 1f0 */
  PVOID                     ActivationContextData;          /* 1f8 */
  PVOID                     ProcessAssemblyStorageMap;      /* 1fc */
  PVOID                     SystemDefaultActivationData;    /* 200 */
  PVOID                     SystemAssemblyStorageMap;       /* 204 */
  ULONG                     MinimumStackCommit;             /* 208 */
  PVOID                    *FlsCallback;                    /* 20c */
  LIST_ENTRY                FlsListHead;                    /* 210 */
  PRTL_BITMAP               FlsBitmap;                      /* 218 */
  ULONG                     FlsBitmapBits[4];               /* 21c */
} PEB, *PPEB;
Posted by 지영아빠
