apex_dma_kvm_pub/vmread/winstructs.h

#ifndef WINSTRUCTS_H
#define WINSTRUCTS_H

/* Native windows structures with native naming to avoid confusion, 32 bit variants exist */

#include <stdint.h>

#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b
#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b
#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 /* Export Directory */
#define IMAGE_DOS_SIGNATURE 0x5a4d /* MZ */
#define IMAGE_NT_SIGNATURE 0x4550 /* PE00 */
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
#define IMAGE_SIZEOF_SHORT_NAME 8

typedef struct _IMAGE_DOS_HEADER {
	uint16_t e_magic;
	uint16_t e_cblp;
	uint16_t e_cp;
	uint16_t e_crlc;
	uint16_t e_cparhdr;
	uint16_t e_minalloc;
	uint16_t e_maxalloc;
	uint16_t e_ss;
	uint16_t e_sp;
	uint16_t e_csum;
	uint16_t e_ip;
	uint16_t e_cs;
	uint16_t e_lfarlc;
	uint16_t e_ovno;
	uint16_t e_res[4];
	uint16_t e_oemid;
	uint16_t e_oeminfo;
	uint16_t e_res2[10];
	int e_lfanew;
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

typedef struct _IMAGE_EXPORT_DIRECTORY {
	uint32_t Characteristics;
	uint32_t TimeDateStamp;
	uint16_t MajorVersion;
	uint16_t MinorVersion;
	uint32_t Name;
	uint32_t Base;
	uint32_t NumberOfFunctions;
	uint32_t NumberOfNames;
	uint32_t AddressOfFunctions;
	uint32_t AddressOfNames;
	uint32_t AddressOfNameOrdinals;
} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;

typedef struct _IMAGE_FILE_HEADER {
	uint16_t Machine;
	uint16_t NumberOfSections;
	uint32_t TimeDateStamp;
	uint32_t PointerToSymbolTable;
	uint32_t NumberOfSymbols;
	uint16_t SizeOfOptionalHeader;
	uint16_t Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

typedef struct _IMAGE_DATA_DIRECTORY {
	uint32_t VirtualAddress;
	uint32_t Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;

typedef struct _IMAGE_OPTIONAL_HEADER64 {
	uint16_t Magic;
	uint8_t MajorLinkerVersion;
	uint8_t MinorLinkerVersion;
	uint32_t SizeOfCode;
	uint32_t SizeOfInitializedData;
	uint32_t SizeOfUninitializedData;
	uint32_t AddressOfEntryPoint;
	uint32_t BaseOfCode;
	uint64_t ImageBase;
	uint32_t SectionAlignment;
	uint32_t FileAlignment;
	uint16_t MajorOperatingSystemVersion;
	uint16_t MinorOperatingSystemVersion;
	uint16_t MajorImageVersion;
	uint16_t MinorImageVersion;
	uint16_t MajorSubsystemVersion;
	uint16_t MinorSubsystemVersion;
	uint32_t Win32VersionValue;
	uint32_t SizeOfImage;
	uint32_t SizeOfHeaders;
	uint32_t CheckSum;
	uint16_t Subsystem;
	uint16_t DllCharacteristics;
	uint64_t SizeOfStackReserve;
	uint64_t SizeOfStackCommit;
	uint64_t SizeOfHeapReserve;
	uint64_t SizeOfHeapCommit;
	uint32_t LoaderFlags;
	uint32_t NumberOfRvaAndSizes;
	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;

typedef struct _IMAGE_NT_HEADERS64 {
	uint32_t Signature;
	IMAGE_FILE_HEADER FileHeader;
	IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} IMAGE_NT_HEADERS64, IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS;

typedef struct _IMAGE_OPTIONAL_HEADER32 {
	uint16_t Magic;
	uint8_t MajorLinkerVersion;
	uint8_t MinorLinkerVersion;
	uint32_t SizeOfCode;
	uint32_t SizeOfInitializedData;
	uint32_t SizeOfUninitializedData;
	uint32_t AddressOfEntryPoint;
	uint32_t BaseOfCode;
	uint32_t BaseOfData;
	uint32_t ImageBase;
	uint32_t SectionAlignment;
	uint32_t FileAlignment;
	uint16_t MajorOperatingSystemVersion;
	uint16_t MinorOperatingSystemVersion;
	uint16_t MajorImageVersion;
	uint16_t MinorImageVersion;
	uint16_t MajorSubsystemVersion;
	uint16_t MinorSubsystemVersion;
	uint32_t Win32VersionValue;
	uint32_t SizeOfImage;
	uint32_t SizeOfHeaders;
	uint32_t CheckSum;
	uint16_t Subsystem;
	uint16_t DllCharacteristics;
	uint32_t SizeOfStackReserve;
	uint32_t SizeOfStackCommit;
	uint32_t SizeOfHeapReserve;
	uint32_t SizeOfHeapCommit;
	uint32_t LoaderFlags;
	uint32_t NumberOfRvaAndSizes;
	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;

typedef struct _IMAGE_NT_HEADERS32 {
	uint32_t Signature;
	IMAGE_FILE_HEADER FileHeader;
	IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;

typedef struct _IMAGE_SECTION_HEADER {
	uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];
	union {
		uint32_t PhysicalAddress;
		uint32_t VirtualSize;
	} Misc;
	uint32_t VirtualAddress;
	uint32_t SizeOfRawData;
	uint32_t PointerToRawData;
	uint32_t PointerToRelocations;
	uint32_t PointerToLinenumbers;
	uint16_t NumberOfRelocations;
	uint16_t NumberOfLinenumbers;
	uint32_t Characteristics;
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;

typedef struct _LIST_ENTRY
{
	uint64_t f_link;
	uint64_t b_link;
} LIST_ENTRY;

typedef struct _UNICODE_STRING
{
	uint16_t length;
	uint16_t maximum_length;
	uint64_t buffer;
} UNICODE_STRING;

typedef struct _LDR_MODULE {
	LIST_ENTRY InLoadOrderModuleList;
	LIST_ENTRY InMemoryOrderModuleList;
	LIST_ENTRY InInitializationOrderModuleList;
	uint64_t BaseAddress;
	uint64_t EntryPoint;
	uint64_t SizeOfImage;
	UNICODE_STRING FullDllName;
	UNICODE_STRING BaseDllName;
	uint64_t Flags;
	short LoadCount;
	short TlsIndex;
	LIST_ENTRY HashTableEntry;
	uint64_t TimeDateStamp;
} LDR_MODULE, *PLDR_MODULE;

typedef struct _PEB_LDR_DATA
{
	uint64_t Length;
	uint8_t Initialized;
	uint64_t SsHandle;
	LIST_ENTRY InLoadOrderModuleList;
	LIST_ENTRY InMemoryOrderModuleList;
	LIST_ENTRY InInitializationOrderModuleList;
	uint64_t EntryInProgress;
} PEB_LDR_DATA;

typedef struct _PEB
{
	uint8_t InheritedAddressSpace;
	uint8_t ReadImageFileExecOptions;
	uint8_t BeingFebugged;
	uint8_t BitField;
	uint8_t Padding0[4];
	uint64_t Mutant;
	uint64_t ImageBaseAddress;
	uint64_t Ldr;
} PEB, PEB64;

typedef struct _LIST_ENTRY32
{
	uint32_t f_link;
	uint32_t b_link;
} LIST_ENTRY32;

typedef struct _UNICODE_STRING32
{
	uint16_t length;
	uint16_t maximum_length;
	uint32_t buffer;
} UNICODE_STRING32;

typedef struct _LDR_MODULE32 {
	LIST_ENTRY32 InLoadOrderModuleList;
	LIST_ENTRY32 InMemoryOrderModuleList;
	LIST_ENTRY32 InInitializationOrderModuleList;
	uint32_t BaseAddress;
	uint32_t EntryPoint;
	uint32_t SizeOfImage;
	UNICODE_STRING32 FullDllName;
	UNICODE_STRING32 BaseDllName;
	uint32_t Flags;
	short LoadCount;
	short TlsIndex;
	LIST_ENTRY32 HashTableEntry;
	uint32_t TimeDateStamp;
} LDR_MODULE32, *PLDR_MODULE32;

typedef struct _PEB_LDR_DATA32
{
	uint32_t Length;
	uint8_t Initialized;
	uint32_t SsHandle;
	LIST_ENTRY32 InLoadOrderModuleList;
	LIST_ENTRY32 InMemoryOrderModuleList;
	LIST_ENTRY32 InInitializationOrderModuleList;
	uint32_t EntryInProgress;
} PEB_LDR_DATA32;

typedef struct _PEB32
{
	uint8_t InheritedAddressSpace;
	uint8_t ReadImageFileExecOptions;
	uint8_t BeingFebugged;
    uint8_t BitField;
	uint32_t Mutant;
	uint32_t ImageBaseAddress;
	uint32_t Ldr;
} PEB32;

#endif
First commit 4 years ago			`#ifndef WINSTRUCTS_H`
			`#define WINSTRUCTS_H`

			`/* Native windows structures with native naming to avoid confusion, 32 bit variants exist */`

			`#include <stdint.h>`

			`#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b`
			`#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b`
			`#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 /* Export Directory */`
			`#define IMAGE_DOS_SIGNATURE 0x5a4d /* MZ */`
			`#define IMAGE_NT_SIGNATURE 0x4550 /* PE00 */`
			`#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16`
			`#define IMAGE_SIZEOF_SHORT_NAME 8`

			`typedef struct _IMAGE_DOS_HEADER {`
			`uint16_t e_magic;`
			`uint16_t e_cblp;`
			`uint16_t e_cp;`
			`uint16_t e_crlc;`
			`uint16_t e_cparhdr;`
			`uint16_t e_minalloc;`
			`uint16_t e_maxalloc;`
			`uint16_t e_ss;`
			`uint16_t e_sp;`
			`uint16_t e_csum;`
			`uint16_t e_ip;`
			`uint16_t e_cs;`
			`uint16_t e_lfarlc;`
			`uint16_t e_ovno;`
			`uint16_t e_res[4];`
			`uint16_t e_oemid;`
			`uint16_t e_oeminfo;`
			`uint16_t e_res2[10];`
			`int e_lfanew;`
			`} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;`

			`typedef struct _IMAGE_EXPORT_DIRECTORY {`
			`uint32_t Characteristics;`
			`uint32_t TimeDateStamp;`
			`uint16_t MajorVersion;`
			`uint16_t MinorVersion;`
			`uint32_t Name;`
			`uint32_t Base;`
			`uint32_t NumberOfFunctions;`
			`uint32_t NumberOfNames;`
			`uint32_t AddressOfFunctions;`
			`uint32_t AddressOfNames;`
			`uint32_t AddressOfNameOrdinals;`
			`} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;`

			`typedef struct _IMAGE_FILE_HEADER {`
			`uint16_t Machine;`
			`uint16_t NumberOfSections;`
			`uint32_t TimeDateStamp;`
			`uint32_t PointerToSymbolTable;`
			`uint32_t NumberOfSymbols;`
			`uint16_t SizeOfOptionalHeader;`
			`uint16_t Characteristics;`
			`} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;`

			`typedef struct _IMAGE_DATA_DIRECTORY {`
			`uint32_t VirtualAddress;`
			`uint32_t Size;`
			`} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;`

			`typedef struct _IMAGE_OPTIONAL_HEADER64 {`
			`uint16_t Magic;`
			`uint8_t MajorLinkerVersion;`
			`uint8_t MinorLinkerVersion;`
			`uint32_t SizeOfCode;`
			`uint32_t SizeOfInitializedData;`
			`uint32_t SizeOfUninitializedData;`
			`uint32_t AddressOfEntryPoint;`
			`uint32_t BaseOfCode;`
			`uint64_t ImageBase;`
			`uint32_t SectionAlignment;`
			`uint32_t FileAlignment;`
			`uint16_t MajorOperatingSystemVersion;`
			`uint16_t MinorOperatingSystemVersion;`
			`uint16_t MajorImageVersion;`
			`uint16_t MinorImageVersion;`
			`uint16_t MajorSubsystemVersion;`
			`uint16_t MinorSubsystemVersion;`
			`uint32_t Win32VersionValue;`
			`uint32_t SizeOfImage;`
			`uint32_t SizeOfHeaders;`
			`uint32_t CheckSum;`
			`uint16_t Subsystem;`
			`uint16_t DllCharacteristics;`
			`uint64_t SizeOfStackReserve;`
			`uint64_t SizeOfStackCommit;`
			`uint64_t SizeOfHeapReserve;`
			`uint64_t SizeOfHeapCommit;`
			`uint32_t LoaderFlags;`
			`uint32_t NumberOfRvaAndSizes;`
			`IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];`
			`} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;`

			`typedef struct _IMAGE_NT_HEADERS64 {`
			`uint32_t Signature;`
			`IMAGE_FILE_HEADER FileHeader;`
			`IMAGE_OPTIONAL_HEADER64 OptionalHeader;`
			`} IMAGE_NT_HEADERS64, IMAGE_NT_HEADERS, PIMAGE_NT_HEADERS64, PIMAGE_NT_HEADERS;`

			`typedef struct _IMAGE_OPTIONAL_HEADER32 {`
			`uint16_t Magic;`
			`uint8_t MajorLinkerVersion;`
			`uint8_t MinorLinkerVersion;`
			`uint32_t SizeOfCode;`
			`uint32_t SizeOfInitializedData;`
			`uint32_t SizeOfUninitializedData;`
			`uint32_t AddressOfEntryPoint;`
			`uint32_t BaseOfCode;`
			`uint32_t BaseOfData;`
			`uint32_t ImageBase;`
			`uint32_t SectionAlignment;`
			`uint32_t FileAlignment;`
			`uint16_t MajorOperatingSystemVersion;`
			`uint16_t MinorOperatingSystemVersion;`
			`uint16_t MajorImageVersion;`
			`uint16_t MinorImageVersion;`
			`uint16_t MajorSubsystemVersion;`
			`uint16_t MinorSubsystemVersion;`
			`uint32_t Win32VersionValue;`
			`uint32_t SizeOfImage;`
			`uint32_t SizeOfHeaders;`
			`uint32_t CheckSum;`
			`uint16_t Subsystem;`
			`uint16_t DllCharacteristics;`
			`uint32_t SizeOfStackReserve;`
			`uint32_t SizeOfStackCommit;`
			`uint32_t SizeOfHeapReserve;`
			`uint32_t SizeOfHeapCommit;`
			`uint32_t LoaderFlags;`
			`uint32_t NumberOfRvaAndSizes;`
			`IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];`
			`} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;`

			`typedef struct _IMAGE_NT_HEADERS32 {`
			`uint32_t Signature;`
			`IMAGE_FILE_HEADER FileHeader;`
			`IMAGE_OPTIONAL_HEADER32 OptionalHeader;`
			`} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;`

			`typedef struct _IMAGE_SECTION_HEADER {`
			`uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];`
			`union {`
			`uint32_t PhysicalAddress;`
			`uint32_t VirtualSize;`
			`} Misc;`
			`uint32_t VirtualAddress;`
			`uint32_t SizeOfRawData;`
			`uint32_t PointerToRawData;`
			`uint32_t PointerToRelocations;`
			`uint32_t PointerToLinenumbers;`
			`uint16_t NumberOfRelocations;`
			`uint16_t NumberOfLinenumbers;`
			`uint32_t Characteristics;`
			`} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;`

			`typedef struct _LIST_ENTRY`
			`{`
			`uint64_t f_link;`
			`uint64_t b_link;`
			`} LIST_ENTRY;`

			`typedef struct _UNICODE_STRING`
			`{`
			`uint16_t length;`
			`uint16_t maximum_length;`
			`uint64_t buffer;`
			`} UNICODE_STRING;`

			`typedef struct _LDR_MODULE {`
			`LIST_ENTRY InLoadOrderModuleList;`
			`LIST_ENTRY InMemoryOrderModuleList;`
			`LIST_ENTRY InInitializationOrderModuleList;`
			`uint64_t BaseAddress;`
			`uint64_t EntryPoint;`
			`uint64_t SizeOfImage;`
			`UNICODE_STRING FullDllName;`
			`UNICODE_STRING BaseDllName;`
			`uint64_t Flags;`
			`short LoadCount;`
			`short TlsIndex;`
			`LIST_ENTRY HashTableEntry;`
			`uint64_t TimeDateStamp;`
			`} LDR_MODULE, *PLDR_MODULE;`

			`typedef struct _PEB_LDR_DATA`
			`{`
			`uint64_t Length;`
			`uint8_t Initialized;`
			`uint64_t SsHandle;`
			`LIST_ENTRY InLoadOrderModuleList;`
			`LIST_ENTRY InMemoryOrderModuleList;`
			`LIST_ENTRY InInitializationOrderModuleList;`
			`uint64_t EntryInProgress;`
			`} PEB_LDR_DATA;`

			`typedef struct _PEB`
			`{`
			`uint8_t InheritedAddressSpace;`
			`uint8_t ReadImageFileExecOptions;`
			`uint8_t BeingFebugged;`
			`uint8_t BitField;`
			`uint8_t Padding0[4];`
			`uint64_t Mutant;`
			`uint64_t ImageBaseAddress;`
			`uint64_t Ldr;`
			`} PEB, PEB64;`

			`typedef struct _LIST_ENTRY32`
			`{`
			`uint32_t f_link;`
			`uint32_t b_link;`
			`} LIST_ENTRY32;`

			`typedef struct _UNICODE_STRING32`
			`{`
			`uint16_t length;`
			`uint16_t maximum_length;`
			`uint32_t buffer;`
			`} UNICODE_STRING32;`

			`typedef struct _LDR_MODULE32 {`
			`LIST_ENTRY32 InLoadOrderModuleList;`
			`LIST_ENTRY32 InMemoryOrderModuleList;`
			`LIST_ENTRY32 InInitializationOrderModuleList;`
			`uint32_t BaseAddress;`
			`uint32_t EntryPoint;`
			`uint32_t SizeOfImage;`
			`UNICODE_STRING32 FullDllName;`
			`UNICODE_STRING32 BaseDllName;`
			`uint32_t Flags;`
			`short LoadCount;`
			`short TlsIndex;`
			`LIST_ENTRY32 HashTableEntry;`
			`uint32_t TimeDateStamp;`
			`} LDR_MODULE32, *PLDR_MODULE32;`

			`typedef struct _PEB_LDR_DATA32`
			`{`
			`uint32_t Length;`
			`uint8_t Initialized;`
			`uint32_t SsHandle;`
			`LIST_ENTRY32 InLoadOrderModuleList;`
			`LIST_ENTRY32 InMemoryOrderModuleList;`
			`LIST_ENTRY32 InInitializationOrderModuleList;`
			`uint32_t EntryInProgress;`
			`} PEB_LDR_DATA32;`

			`typedef struct _PEB32`
			`{`
			`uint8_t InheritedAddressSpace;`
			`uint8_t ReadImageFileExecOptions;`
			`uint8_t BeingFebugged;`
			`uint8_t BitField;`
			`uint32_t Mutant;`
			`uint32_t ImageBaseAddress;`
			`uint32_t Ldr;`
			`} PEB32;`

			`#endif`