PEB TIB TEB结构展示

元始天尊 · 发表于 2015-5-2 12:50:48

欢迎访问技术宅的结界，请注册或者登录吧。

您需要登录才可以下载或查看，没有账号？立即注册→加入我们

×

丛看雪看到这3个结构体的，fs:[0]的地址位置就是TEB ,TIB是TEB的第一个成员，TEB的0x30处指向PEB。
这里有个问题没想明白，如何从PEB枚举所有TEB呢？
代码如下：

#define EXCEPTION_MAXIMUM_PARAMETERS 15 // maximum number of exception parameters
typedef unsigned int DWORD;
typedef unsigned long ULONG;
typedef short SHORT;
typedef unsigned short WORD;
typedef unsigned short USHORT;
typedef void* PVOID;
typedef PVOID* PPVOID;
typedef unsigned char UCHAR;
typedef unsigned char BYTE;
typedef long LONG;
typedef unsigned short WCHAR;
typedef char CHAR;
typedef __int64 LONGLONG;
typedef unsigned __int64 ULONGLONG;
typedef WCHAR *PWCHAR, *LPWCH, *PWCH;
typedef CHAR *PCHAR, *LPCH, *PCH;

typedef unsigned short UINT16;
typedef unsigned int UINT32;
typedef unsigned __int64 UINT64;
typedef short INT16;
typedef int INT32;
typedef __int64 INT64;

#if !defined(_W64)
#if !defined(__midl) && (defined(_X86_) || defined(_M_IX86)) && _MSC_VER >= 1300
#define _W64 __w64
#else
#define _W64
#endif
#endif

#if ( 501 < __midl )

typedef[public] __int3264 INT_PTR, *PINT_PTR;
typedef[public] unsigned __int3264 UINT_PTR, *PUINT_PTR;

typedef[public] __int3264 LONG_PTR, *PLONG_PTR;
typedef[public] unsigned __int3264 ULONG_PTR, *PULONG_PTR;

#else  // midl64
// old midl and C++ compiler

#if defined(_WIN64)
typedef __int64 INT_PTR, *PINT_PTR;
typedef unsigned __int64 UINT_PTR, *PUINT_PTR;

typedef __int64 LONG_PTR, *PLONG_PTR;
typedef unsigned __int64 ULONG_PTR, *PULONG_PTR;

#define __int3264   __int64

#else
typedef _W64 int INT_PTR, *PINT_PTR;
typedef _W64 unsigned int UINT_PTR, *PUINT_PTR;

typedef _W64 long LONG_PTR, *PLONG_PTR;
typedef _W64 unsigned long ULONG_PTR, *PULONG_PTR;

#define __int3264   __int32

#endif
#endif // midl64

#ifdef STRICT
typedef void *HANDLE;
#if 0 && (_MSC_VER > 1000)
#define DECLARE_HANDLE(name) struct name##__; typedef struct name##__ *name
#else
#define DECLARE_HANDLE(name) struct name##__{int unused;}; typedef struct name##__ *name
#endif
#else
typedef PVOID HANDLE;
#define DECLARE_HANDLE(name) typedef HANDLE name
#endif
typedef HANDLE *PHANDLE;

#if defined(MIDL_PASS)
typedef struct _LARGE_INTEGER
{
#else // MIDL_PASS
typedef union _LARGE_INTEGER
{
    struct
    {
        DWORD LowPart;
        LONG HighPart;
    } DUMMYSTRUCTNAME;
    struct
    {
        DWORD LowPart;
        LONG HighPart;
    } u;
#endif //MIDL_PASS
    LONGLONG QuadPart;
} LARGE_INTEGER;

#if defined(MIDL_PASS)
typedef struct _ULARGE_INTEGER
{
#else // MIDL_PASS
typedef union _ULARGE_INTEGER
{
    struct
    {
        DWORD LowPart;
        DWORD HighPart;
    } DUMMYSTRUCTNAME;
    struct
    {
        DWORD LowPart;
        DWORD HighPart;
    } u;
#endif //MIDL_PASS
    ULONGLONG QuadPart;
} ULARGE_INTEGER;

#ifndef GUID_DEFINED
#define GUID_DEFINED
#if defined(__midl)
typedef struct
{
    unsigned long  Data1;
    unsigned short Data2;
    unsigned short Data3;
    byte           Data4[8];
} GUID;
#else
typedef struct _GUID
{
    unsigned long  Data1;
    unsigned short Data2;
    unsigned short Data3;
    unsigned char  Data4[8];
} GUID;
#endif
#endif

typedef enum _EXCEPTION_DISPOSITION
{
    ExceptionContinueExecution,
    ExceptionContinueSearch,
    ExceptionNestedException,
    ExceptionCollidedUnwind
} EXCEPTION_DISPOSITION, *PEXCEPTION_DISPOSITION;

typedef struct _EXCEPTION_RECORD
{
    DWORD ExceptionCode;
    DWORD ExceptionFlags;
    struct _EXCEPTION_RECORD *ExceptionRecord;
    PVOID ExceptionAddress;
    DWORD NumberParameters;
    ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
} EXCEPTION_RECORD, *PEXCEPTION_RECORD;

typedef EXCEPTION_DISPOSITION __stdcall EXCEPTION_ROUTINE(struct _EXCEPTION_RECORD *ExceptionRecord,
    PVOID EstablisherFrame, struct _CONTEXT *ContextRecord, PVOID DispatcherContext);

typedef EXCEPTION_ROUTINE *PEXCEPTION_ROUTINE;

typedef struct _EXCEPTION_REGISTRATION_RECORD
{
    struct _EXCEPTION_REGISTRATION_RECORD *Next;
    PEXCEPTION_ROUTINE Handler;
} EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD;

typedef struct _NT_TIB
{
    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID SubSystemTib;
#if defined(_MSC_EXTENSIONS)
    union
    {
        PVOID FiberData;
        DWORD Version;
    };
#else
    PVOID FiberData;
#endif
    PVOID ArbitraryUserPointer;
    struct _NT_TIB *Self;
} NT_TIB, *PNT_TIB;

typedef struct _CLIENT_ID
{
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

typedef struct _LIST_ENTRY
{
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY, *PLIST_ENTRY, *PRLIST_ENTRY;

typedef struct _UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
#ifdef MIDL_PASS
    [size_is(MaximumLength / 2), length_is((Length) / 2)] USHORT * Buffer;
#else // MIDL_PASS
    PWCH   Buffer;
#endif // MIDL_PASS
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
typedef const UNICODE_STRING *PCUNICODE_STRING;

typedef struct _RTL_CRITICAL_SECTION_DEBUG
{
    WORD   Type;
    WORD   CreatorBackTraceIndex;
    struct _RTL_CRITICAL_SECTION *CriticalSection;
    LIST_ENTRY ProcessLocksList;
    DWORD EntryCount;
    DWORD ContentionCount;
    DWORD Flags;
    WORD   CreatorBackTraceIndexHigh;
    WORD   SpareWORD;
} RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG, RTL_RESOURCE_DEBUG, *PRTL_RESOURCE_DEBUG;

#pragma pack(push, 8)
typedef struct _RTL_CRITICAL_SECTION
{
    PRTL_CRITICAL_SECTION_DEBUG DebugInfo;
    LONG LockCount;
    LONG RecursionCount;
    HANDLE OwningThread;        // from the thread's ClientId->UniqueThread
    HANDLE LockSemaphore;
    ULONG_PTR SpinCount;        // force size on 64-bit systems when packed
} RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION;
#pragma pack(pop)

typedef struct _PEB_LDR_DATA
{
    UINT32 Length;
    UCHAR Initialized;
    PVOID SsHandle;
    _LIST_ENTRY InLoadOrderModuleList;
    _LIST_ENTRY InMemoryOrderModuleList;
    _LIST_ENTRY InInitializationOrderModuleList;
    PVOID EntryInProgress;
    UCHAR ShutdownInProgress;
    PVOID ShutdownThreadId;
}PEB_LDR_DATA, *PPEB_LDR_DATA;

typedef struct _LDR_MODULE
{
    LIST_ENTRY        InLoadOrderModuleList;            // +0x000
    LIST_ENTRY        InMemoryOrderModuleList;          // +0x008
    LIST_ENTRY        InInitializationOrderModuleList;  // +0x010
    PVOID             BaseAddress;                      // +0x018
    PVOID             EntryPoint;                       // +0x01C
    ULONG             SizeOfImage;                      // +0x020
    UNICODE_STRING    FullDllName;                      // +0x024
    UNICODE_STRING    BaseDllName;                      // +0x02C
    ULONG             Flags;                            // +0x034
    SHORT             LoadCount;                        // +0x038
    SHORT             TlsIndex;                         // +0x03A
    LIST_ENTRY        HashTableEntry;                   // +0x03C
    ULONG             TimeDateStamp;                    // +0x044
    // +0x048
} LDR_MODULE, *PLDR_MODULE;

typedef struct _CURDIR
{
    _UNICODE_STRING DosPath;
    PVOID Handle;
}CURDIR, *PCURDIR;

typedef struct _STRING
{
    USHORT Length;
    USHORT MaximumLength;
#ifdef MIDL_PASS
    [size_is(MaximumLength), length_is(Length)]
#endif // MIDL_PASS
    PCHAR Buffer;
} STRING;
typedef STRING *PSTRING;
typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;

typedef struct RTL_DRIVE_LETTER_CURDIR
{
    UINT16 Flags;
    UINT16 Length;
    UINT32 TimeStamp;
    _STRING DosPath;
}RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;

typedef struct _RTL_USER_PROCESS_PARAMETERS
{
    UINT32 MaximumLength;
    UINT32 Length;
    UINT32 Flags;
    UINT32 DebugFlags;
    PVOID ConsoleHandle;
    UINT32 ConsoleFlags;
    PVOID StandardInput;
    PVOID StandardOutput;
    PVOID StandardError;
    _CURDIR CurrentDirectory;
    _UNICODE_STRING DllPath;
    _UNICODE_STRING ImagePathName;
    _UNICODE_STRING CommandLine;
    PVOID Environment;
    UINT32 StartingX;
    UINT32 StartingY;
    UINT32 CountX;
    UINT32 CountY;
    UINT32 CountCharsX;
    UINT32 CountCharsY;
    UINT32 FillAttribute;
    UINT32 WindowFlags;
    UINT32 ShowWindowFlags;
    _UNICODE_STRING WindowTitle;
    _UNICODE_STRING DesktopInfo;
    _UNICODE_STRING ShellInfo;
    _UNICODE_STRING RuntimeData;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
    UINT64 EnvironmentSize;
    UINT64 EnvironmentVersion;
    PVOID PackageDependencyData;
    UINT32 ProcessGroupId;
}RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

#pragma pack(push, 1)
typedef struct _PEB
{
    UCHAR InheritedAddressSpace;
    UCHAR ReadImageFileExecOptions;
    UCHAR BeingDebugged;
    //UCHAR BitField
    BYTE ImageUsesLargePages : 1;
    BYTE IsProtectedProcess : 1;
    BYTE IsImageDynamicallyRelocated : 1;
    BYTE SkipPatchingUser32Forwarders : 1;
    BYTE IsPackagedProcess : 1;
    BYTE IsAppContainer : 1;
    BYTE IsProtectedProcessLight : 1;
    BYTE SpareBits : 1;
    PVOID Mutant;
    PVOID ImageBaseAddress;
    PPEB_LDR_DATA Ldr;
    PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
    PVOID SubSystemData;
    PVOID ProcessHeap;
    PRTL_CRITICAL_SECTION FastPebLock;
    PVOID AtlThunkSListPtr;
    PVOID IFEOKey;
    UINT32 CrossProcessFlags;
    unsigned ProcessInJob : 1;
    unsigned ProcessInitializing : 1;
    unsigned ProcessUsingVEH : 1;
    unsigned ProcessUsingVCH : 1;
    unsigned ProcessUsingFTH : 1;
    unsigned ReservedBits0 : 27;
    PVOID KernelCallbackTable;
    PVOID UserSharedInfoPtr;
    UINT32 SystemReserved;
    UINT32 AtlThunkSListPtr32;
    UINT32 ApiSetMap;
    UINT32 TlsExpansionCounter;
    UINT32 TlsBitmap;
    UINT32 TlsBitmapBits[2];
    PVOID ReadOnlySharedMemoryBase;
    PVOID HotpatchInformation;
    PVOID ReadOnlyStaticServerData;
    PVOID AnsiCodePageData;
    PVOID OemCodePageData;
    PVOID UnicodeCaseTableData;
    UINT32 NumberOfProcessors;
    UINT32 NtGlobalFlag;
    _LARGE_INTEGER CriticalSectionTimeout;
    UINT32 HeapSegmentReserve;
    UINT32 HeapSegmentCommit;
    UINT32 HeapDeCommitTotalFreeThreshold;
    UINT32 HeapDeCommitFreeBlockThreshold;
    UINT32 NumberOfHeaps;
    UINT32 MaximumNumberOfHeaps;
    PPVOID ProcessHeaps;
    PVOID GdiSharedHandleTable;
    PVOID ProcessStarterHelper;
    UINT32 GdiDCAttributeList;
    PRTL_CRITICAL_SECTION LoaderLock;
    UINT32 OSMajorVersion;
    UINT32 OSMinorVersion;
    UINT16 OSBuildNumber;
    UINT16 OSCSDVersion;
    UINT32 OSPlatformId;
    UINT32 ImageSubsystem;
    UINT32 ImageSubsystemMajorVersion;
    UINT32 ImageSubsystemMinorVersion;
    UINT32 ActiveProcessAffinityMask;
    UINT32 GdiHandleBuffer[34];
    PVOID PostProcessInitRoutine;
    PVOID TlsExpansionBitmap;
    PVOID TlsExpansionBitmapBits[32];
    UINT32 SessionId;
    _ULARGE_INTEGER AppCompatFlags;
    _ULARGE_INTEGER AppCompatFlagsUser;
    PVOID pShimData;
    PVOID AppCompatInfo;
    _UNICODE_STRING CSDVersion;
    PVOID ActivationContextData;
    PVOID ProcessAssemblyStorageMap;
    PVOID SystemDefaultActivationContextData;
    PVOID SystemAssemblyStorageMap;
    UINT32 MinimumStackCommit;
}PEB, *PPEB;
#pragma pop

typedef struct _GDI_TEB_BATCH
{
    unsigned Offset : 31;
    unsigned HasRenderingCommand : 1;
    UINT64 HDC;
    UINT32 Buffer[310];
}GDI_TEB_BATCH, *PGDI_TEB_BATCH;

typedef struct _PROCESSOR_NUMBER
{
    WORD   Group;
    BYTE  Number;
    BYTE  Reserved;
} PROCESSOR_NUMBER, *PPROCESSOR_NUMBER;

typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
    UINT32 Flags;
    PCHAR FrameName;
}TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;

typedef struct _TEB_ACTIVE_FRAME
{
    UINT32 Flags;
    _TEB_ACTIVE_FRAME* Previous;
    PTEB_ACTIVE_FRAME_CONTEXT Context;
}TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;

typedef struct _TEB
{
    _NT_TIB NtTib;
    PVOID EnvironmentPointer;
    _CLIENT_ID ClientId;
    PVOID ActiveRpcHandle;
    PVOID ThreadLocalStoragePointer;
    PPEB ProcessEnvironmentBlock;
    UINT32 LastErrorValue;
    UINT32 CountOfOwnedCriticalSections;
    PVOID CsrClientThread;
    PVOID Win32ThreadInfo;
    UINT32 User32Reserved[26];
    UINT32 UserReserved[5];
    PVOID WOW32Reserved;
    UINT32 CurrentLocale;
    UINT32 FpSoftwareStatusRegister;
    PVOID SystemReserved1[54];
    INT32 ExceptionCode;
    PVOID ActivationContextStackPointer;
    UCHAR SpareBytes[36];
    UINT32 TxFsContext;
    _GDI_TEB_BATCH GdiTebBatch;
    _CLIENT_ID RealClientId;
    PVOID GdiCachedProcessHandle;
    UINT32 GdiClientPID;
    UINT32 GdiClientTID;
    PVOID GdiThreadLocalInfo;
    UINT32 Win32ClientInfo[62];
    PVOID glDispatchTable[233];
    UINT32 glReserved1[29];
    PVOID glReserved2;
    PVOID glSectionInfo;
    PVOID glSection;
    PVOID glTable;
    PVOID glCurrentRC;
    PVOID glContext;
    UINT32 LastStatusValue;
    _UNICODE_STRING StaticUnicodeString;
    WCHAR StaticUnicodeBuffer[261];
    PVOID DeallocationStack;
    PVOID TlsSlots[64];
    _LIST_ENTRY TlsLinks;
    PVOID Vdm;
    PVOID ReservedForNtRpc;
    PVOID DbgSsReserved[2];
    UINT32 HardErrorMode;
    PVOID Instrumentation[9];
    _GUID ActivityId;
    PVOID SubProcessTag;
    PVOID EtwLocalData;
    PVOID EtwTraceData;
    PVOID WinSockData;
    UINT32 GdiBatchCount;
    _PROCESSOR_NUMBER CurrentIdealProcessor;
    UINT32 IdealProcessorValue;
    UCHAR ReservedPad0;
    UCHAR ReservedPad1;
    UCHAR ReservedPad2;
    UCHAR IdealProcessor;
    UINT32 GuaranteedStackBytes;
    PVOID ReservedForPerf;
    PVOID ReservedForOle;
    UINT32 WaitingOnLoaderLock;
    PVOID SavedPriorityState;
    UINT32 SoftPatchPtr1;
    PVOID ThreadPoolData;
    PPVOID TlsExpansionSlots;
    UINT32 MuiGeneration;
    UINT32 IsImpersonating;
    PVOID NlsCache;
    PVOID pShimData;
    UINT32 HeapVirtualAffinity;
    PVOID CurrentTransactionHandle;
    PTEB_ACTIVE_FRAME ActiveFrame;
}TEB, *PTEB;

#include <iostream>
using namespace std;
#define printsegdec(x) cout<<dec<<"\t"###x##":"<<x<<endl
#define printseghex(x) cout<<hex<<"\t"###x##":"<<x<<endl
#define printsegwstr(x) if(x) wcout<<dec<<"\t"###x##":"<<(wchar_t*)x<<endl

void main()
{
    PTEB pteb = 0;
    _asm
    {
        mov eax, dword ptr fs : [0x18];
        mov pteb, eax;
    };
    cout << hex << "TEB address:" << pteb << endl;
    printseghex(pteb->EnvironmentPointer);
    printsegdec(pteb->ClientId.UniqueProcess);
    printsegdec(pteb->ClientId.UniqueThread);
    printsegdec(pteb->ThreadLocalStoragePointer);
    printseghex(pteb->ActiveRpcHandle);
    printsegdec(pteb->LastErrorValue);
    printsegdec(pteb->CountOfOwnedCriticalSections);
    printseghex(pteb->CurrentLocale);
    printsegdec(pteb->LastStatusValue);
    cout << endl;
    //打印TIB
    NT_TIB& ptib = pteb->NtTib;
    EXCEPTION_REGISTRATION_RECORD* perr = ptib.ExceptionList;
    printseghex(ptib.StackBase);
    printseghex(ptib.StackLimit);
    while (perr != (EXCEPTION_REGISTRATION_RECORD*)-1)
    {
        printseghex(perr->Next);
        printseghex(perr->Handler);
        perr = perr->Next;
    }
    cout << endl;
    //打印PEB
    cout << hex << "PEB address:" << pteb->ProcessEnvironmentBlock << endl;
    PPEB ppeb= pteb->ProcessEnvironmentBlock;
    printsegdec((int)ppeb->InheritedAddressSpace);
    printsegdec((int)ppeb->ReadImageFileExecOptions);
    printsegdec((int)ppeb->BeingDebugged);
    printsegdec((int)ppeb->ImageUsesLargePages);
    printsegdec((int)ppeb->IsProtectedProcess);
    printsegdec((int)ppeb->IsImageDynamicallyRelocated);
    printsegdec((int)ppeb->SkipPatchingUser32Forwarders);
    printsegdec((int)ppeb->IsPackagedProcess);
    printsegdec((int)ppeb->IsAppContainer);
    printsegdec((int)ppeb->IsProtectedProcessLight);
    printsegdec((int)ppeb->SpareBits);
    printseghex(ppeb->ImageBaseAddress);
    printseghex(ppeb->ProcessHeap);
    printsegdec(ppeb->NumberOfProcessors);
    printseghex(ppeb->NtGlobalFlag);
    printseghex(ppeb->HeapSegmentReserve);
    printseghex(ppeb->HeapSegmentCommit);
    printseghex(ppeb->HeapDeCommitTotalFreeThreshold);
    printseghex(ppeb->HeapDeCommitFreeBlockThreshold);
    printsegdec(ppeb->NumberOfHeaps);
    printsegdec(ppeb->MaximumNumberOfHeaps);
    printseghex(ppeb->ProcessHeaps);
    printsegdec(ppeb->OSMajorVersion);
    printsegdec(ppeb->OSMinorVersion);
    printsegdec(ppeb->OSBuildNumber);
    printsegdec(ppeb->OSPlatformId);
    printsegdec(ppeb->ImageSubsystem);
    printsegdec(ppeb->ImageSubsystemMajorVersion);
    printsegdec(ppeb->ImageSubsystemMinorVersion);
    printsegdec(ppeb->SessionId);
    cout << endl;

    printseghex(ppeb->Ldr);
    printsegdec(ppeb->Ldr->Length);
    PLDR_MODULE plm1 = (PLDR_MODULE)ppeb->Ldr->InLoadOrderModuleList.Flink;
    cout << "LoadOrder:" << endl;
    do 
    {
        printseghex(plm1->BaseAddress);
        printseghex(plm1->EntryPoint);
        printsegdec(plm1->SizeOfImage);
        printsegwstr(plm1->FullDllName.Buffer);
        printsegwstr(plm1->BaseDllName.Buffer);
        printseghex(plm1->Flags);
        printsegdec(plm1->LoadCount);
        printsegdec(plm1->TlsIndex);
        plm1 = (PLDR_MODULE)plm1->InLoadOrderModuleList.Flink;
    } while (plm1 != (PLDR_MODULE)ppeb->Ldr->InLoadOrderModuleList.Flink);

    cout << endl;
    printseghex(ppeb->ProcessParameters);
    printsegdec(ppeb->ProcessParameters->MaximumLength);
    printsegdec(ppeb->ProcessParameters->Length);
    printseghex(ppeb->ProcessParameters->Flags);
    printseghex(ppeb->ProcessParameters->DebugFlags);
    printsegdec(ppeb->ProcessParameters->MaximumLength);
    printsegdec(ppeb->ProcessParameters->MaximumLength);
    wcout << L"\tCurrentDirectory:" << ppeb->ProcessParameters->CurrentDirectory.DosPath.Buffer<<endl;
    wcout << L"\tCommandLine:" << ppeb->ProcessParameters->CommandLine.Buffer << endl;
    wcout << L"\tWindowTitle:" << ppeb->ProcessParameters->WindowTitle.Buffer << endl;
    wcout << L"\tDesktopInfo:" << ppeb->ProcessParameters->DesktopInfo.Buffer << endl;
    cout << endl;
}

0xAA55 · 发表于 2015-5-2 14:19:25

欢迎某天尊加入驱动开发行列。

元始天尊 · 发表于 2015-5-2 23:42:05

0xAA55 发表于 2015-5-2 14:19
欢迎某天尊加入驱动开发行列。

还没呢，其实，哈哈

13*0217 · 发表于 2015-5-12 13:37:40

看到PEB 和 TEB 包含了这么多的成员，我就醉了

账号		自动登录	找回密码
密码			立即注册→加入我们