union _KIDTENTRY64 different from Intel manual and WinDbg

VergiliusProject / vergilius-project

This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers. The target audience of this site is driver developers and kernel researches.

https://www.vergiliusproject.com

161 stars 32 forks source link

union _KIDTENTRY64 different from Intel manual and WinDbg #15

Open mn297 opened 2 years ago

mn297 commented 2 years ago

VERSION Windows 10 21H1

PROBLEM

the current union _KIDTENTRY64 is different from WinDbg and Intel Manual (p.3014 of 4778) IDT_Descriptor

FIX

//0x10 bytes (sizeof)
union _KIDTENTRY64
{
    struct
    {
        USHORT OffsetLow;                                                   //0x0
        USHORT Selector;                                                    //0x2
        struct
        {
            USHORT IstIndex:3;                                              //0x4
            USHORT Reserved0:5;                                             //0x4
            USHORT Type:5;                                                  //0x4
            USHORT Dpl:2;                                                   //0x4
            USHORT Present:1;                                               //0x4
        };

        USHORT OffsetMiddle;                                                //0x6
        ULONG OffsetHigh;                                                   //0x8
        ULONG Reserved1;                                                    //0xc
    };
    ULONGLONG Alignment;                                                    //0x0
};

SergiusTheBest commented 2 years ago

Thanks!