win-polyfill / win-polyfill-pebteb

TEB::Spare1 versions check #7

Closed lygstate closed 4 months ago

lygstate commented 4 months ago

pebteb

This is a header written manually by reference to PEBTEB, phnt ntpebteb.h, and systeminformer ntpebteb.h

https://www.geoffchappell.com/studies/windows/km/ntoskrnl/inc/api/pebteb/teb/index.htm

Should change from

| Offset (x86) | Offset (x64) | Definition | Versions |
| --- | --- | --- | --- |
| 0x019C | 0x02B8 | UCHAR WorkingOnBehalfOfTicket [8]; | 1607 and higher |
| 0x01A4 (3.10 to 4.0) | | PVOID Spare1; | 3.10 to 4.0 |
| 0x01A8 (3.10 to 4.0); | | PVOID Spare2; | 3.10 to 3.51 |
| 0x01A4 | 0x02C0 | LONG ExceptionCode; | 4.0 and higher |
| | 0x02C4 | UCHAR Padding0 [4]; | 6.3 and higher |

to

| Offset (x86) | Offset (x64) | Definition | Versions |
| --- | --- | --- | --- |
| 0x019C | 0x02B8 | UCHAR WorkingOnBehalfOfTicket [8]; | 1607 and higher |
| 0x01A4 (3.10 to 4.0) | | PVOID Spare1; | 3.10 to 4.0 |
| 0x01A8 | | PVOID Spare2; | 3.10 to 3.51 |
| 0x01A8 | | LONG ExceptionCode; | 4.0 only |
| 0x01A4 (5.0 and higher) | 0x02C0 | LONG ExceptionCode; | 5.0 and higher |
| | 0x02C4 | UCHAR Padding0 [4]; | 6.3 and higher |