Why is msdn lying to us?

D

Dutymy2021-10-27 20:57:02

C++ / C#

Dutymy, 2021-10-27 20:57:02

Trying to somehow study the structures of peb and teb, I noticed that the library winternl.hand https://docs.microsoft.com/en-us/windows/win32/api... describes

typedef struct _PEB_LDR_DATA {
  BYTE       Reserved1[8];
  PVOID      Reserved2[3];
  LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;

Although from other sources https://doxygen.reactos.org/d6/d52/struct__PEB__LD...

typedef struct _PEB_LDR_DATA {
    /*+0x000*/ unsigned long Length; // Uint4B
    /*+0x004*/ unsigned char Initialized; // UChar
    /*+0x008*/ void * SsHandle; // Ptr64 Void
    /*+0x010*/ LIST_ENTRY InLoadOrderModuleList; // _LIST_ENTRY
    /*+0x020*/ LIST_ENTRY InMemoryOrderModuleList; // _LIST_ENTRY
    /*+0x030*/ LIST_ENTRY InInitializationOrderModuleList; //_LIST_ENTRY
    /*+0x040*/ void * EntryInProgress; // Ptr64 Void
    /*+0x048*/ unsigned char ShutdownInProgress; // UChar
    /*+0x050*/ void * ShutdownThreadId; // Ptr64 Void
} PEB_LDR_DATA;

Actually getting LIST_ENTRY * listEntry = peb->Ldr->InLoadOrderModuleList.Flink is possible, is there a full version winternl.h?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Rsa97, 2021-10-27
@Dutymy

In the second case, the structure refers to the btrfs_drv.h file from ReactOS.