microsoft365microsoftmassgravelmassgravewindows-11kms38windows-10kmswindowshwidpowershellactivatorohookoffice365office
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 lines
1.0 KiB
55 lines
1.0 KiB
#pragma once |
|
#include <cstdint> |
|
#include <ntifs.h> |
|
#include <stdlib.h> |
|
|
|
namespace nt |
|
{ |
|
struct rtl_module_info |
|
{ |
|
char pad_0[ 0x10 ]; |
|
PVOID image_base; |
|
ULONG image_size; |
|
char pad_1[ 0xa ]; |
|
USHORT file_name_offset; |
|
UCHAR full_path[ _MAX_PATH - 4 ]; |
|
}; |
|
|
|
struct rtl_modules |
|
{ |
|
ULONG count; |
|
rtl_module_info modules[ 1 ]; |
|
}; |
|
|
|
struct image_file_header |
|
{ |
|
USHORT machine; |
|
USHORT number_of_sections; |
|
}; |
|
|
|
struct image_section_header |
|
{ |
|
std::uint8_t name[ 8 ]; |
|
|
|
union |
|
{ |
|
std::uint32_t physical_address; |
|
std::uint32_t virtual_size; |
|
} misc; |
|
|
|
std::uint32_t virtual_address; |
|
std::uint32_t size_of_raw_data; |
|
std::uint32_t pointer_to_raw_data; |
|
std::uint32_t pointer_to_relocations; |
|
std::uint32_t pointer_to_line_numbers; |
|
std::uint16_t number_of_relocations; |
|
std::uint16_t number_of_line_numbers; |
|
std::uint32_t characteristics; |
|
}; |
|
|
|
struct image_nt_headers |
|
{ |
|
std::uint32_t signature; |
|
image_file_header file_header; |
|
}; |
|
} |