TEB/PEB-Related Structures

2017-09-13  f675b1a02698

ntdll!_EXCEPTION_REGISTRATION_RECORD

+0x000 Next : Ptr32 _EXCEPTION_REGISTRATION_RECORD

+0x004 Handler : Ptr32 _EXCEPTION_DISPOSITION

ntdll!_EXCEPTION_DISPOSITION

ExceptionContinueExecution = 0n0

ExceptionContinueSearch = 0n1

ExceptionNestedException = 0n2

ExceptionCollidedUnwind = 0n3

ntdll!_CLIENT_ID

+0x000 UniqueProcess : Ptr32 Void

+0x004 UniqueThread : Ptr32 Void

ntdll!_PEB_LDR_DATA

+0x000 Length : Uint4B

+0x004 Initialized : UChar

+0x008 SsHandle : Ptr32 Void

+0x00c InLoadOrderModuleList : _LIST_ENTRY

+0x014 InMemoryOrderModuleList : _LIST_ENTRY

+0x01c InInitializationOrderModuleList : _LIST_ENTRY

+0x024 EntryInProgress : Ptr32 Void

+0x028 ShutdownInProgress : UChar

+0x02c ShutdownThreadId : Ptr32 Void

ntdll!_LIST_ENTRY

+0x000 Flink : Ptr32 _LIST_ENTRY

+0x004 Blink : Ptr32 _LIST_ENTRY

ntdll!_RTL_USER_PROCESS_PARAMETERS

+0x000 MaximumLength : Uint4B

+0x004 Length : Uint4B

+0x008 Flags : Uint4B

+0x00c DebugFlags : Uint4B

+0x010 ConsoleHandle : Ptr32 Void

+0x014 ConsoleFlags : Uint4B

+0x018 StandardInput : Ptr32 Void

+0x01c StandardOutput : Ptr32 Void

+0x020 StandardError : Ptr32 Void

+0x024 CurrentDirectory : _CURDIR

+0x030 DllPath : _UNICODE_STRING

+0x038 ImagePathName : _UNICODE_STRING

+0x040 CommandLine : _UNICODE_STRING

+0x048 Environment : Ptr32 Void

+0x04c StartingX : Uint4B

+0x050 StartingY : Uint4B

+0x054 CountX : Uint4B

+0x058 CountY : Uint4B

+0x05c CountCharsX : Uint4B

+0x060 CountCharsY : Uint4B

+0x064 FillAttribute : Uint4B

+0x068 WindowFlags : Uint4B

+0x06c ShowWindowFlags : Uint4B

+0x070 WindowTitle : _UNICODE_STRING

+0x078 DesktopInfo : _UNICODE_STRING

+0x080 ShellInfo : _UNICODE_STRING

+0x088 RuntimeData : _UNICODE_STRING

+0x090 CurrentDirectores : [32] _RTL_DRIVE_LETTER_CURDIR

+0x290 EnvironmentSize : Uint4B

+0x294 EnvironmentVersion : Uint4B

ntdll!_CURDIR

+0x000 DosPath : _UNICODE_STRING

+0x008 Handle : Ptr32 Void

ntdll!_UNICODE_STRING

+0x000 Length : Uint2B

+0x002 MaximumLength : Uint2B

+0x004 Buffer : Ptr32 Uint2B

ntdll!_RTL_DRIVE_LETTER_CURDIR

+0x000 Flags : Uint2B

+0x002 Length : Uint2B

+0x004 TimeStamp : Uint4B

+0x008 DosPath : _STRING

ntdll!_STRING

+0x000 Length : Uint2B

+0x002 MaximumLength : Uint2B

+0x004 Buffer : Ptr32 Char

ntdll!_RTL_CRITICAL_SECTION

+0x000 DebugInfo : Ptr32 _RTL_CRITICAL_SECTION_DEBUG

+0x004 LockCount : Int4B

+0x008 RecursionCount : Int4B

+0x00c OwningThread : Ptr32 Void

+0x010 LockSemaphore : Ptr32 Void

+0x014 SpinCount : Uint4B

ntdll!_RTL_CRITICAL_SECTION_DEBUG

+0x000 Type : Uint2B

+0x002 CreatorBackTraceIndex : Uint2B

+0x004 CriticalSection : Ptr32 _RTL_CRITICAL_SECTION

+0x008 ProcessLocksList : _LIST_ENTRY

+0x010 EntryCount : Uint4B

+0x014 ContentionCount : Uint4B

+0x018 Flags : Uint4B

+0x01c CreatorBackTraceIndexHigh : Uint2B

+0x01e SpareUSHORT : Uint2B

ntdll!_LARGE_INTEGER

+0x000 LowPart : Uint4B

+0x004 HighPart : Int4B

+0x000 u :

+0x000 QuadPart : Int8B

ntdll!_ULARGE_INTEGER

+0x000 LowPart : Uint4B

+0x004 HighPart : Uint4B

+0x000 u :

+0x000 QuadPart : Uint8B

ntdll!_ACTIVATION_CONTEXT_STACK

+0x000 ActiveFrame : Ptr32 _RTL_ACTIVATION_CONTEXT_STACK_FRAME

+0x004 FrameListCache : _LIST_ENTRY

+0x00c Flags : Uint4B

+0x010 NextCookieSequenceNumber : Uint4B

+0x014 StackId : Uint4B

ntdll!_RTL_ACTIVATION_CONTEXT_STACK_FRAME

+0x000 Previous : Ptr32 _RTL_ACTIVATION_CONTEXT_STACK_FRAME

+0x004 ActivationContext : Ptr32 _ACTIVATION_CONTEXT (unknown; possibly a kernel structure?)

+0x008 Flags : Uint4B

ntdll!_GDI_TEB_BATCH

+0x000 Offset : Uint4B

+0x004 HDC : Uint4B

+0x008 Buffer : [310] Uint4B

ntdll!_GUID

+0x000 Data1 : Uint4B

+0x004 Data2 : Uint2B

+0x006 Data3 : Uint2B

+0x008 Data4 : [8] UChar

ntdll!_PROCESSOR_NUMBER

+0x000 Group : Uint2B

+0x002 Number : UChar

+0x003 Reserved : UChar

ntdll!_TEB_ACTIVE_FRAME

+0x000 Flags : Uint4B

+0x004 Previous : Ptr32 _TEB_ACTIVE_FRAME

+0x008 Context : Ptr32 _TEB_ACTIVE_FRAME_CONTEXT

ntdll!_TEB_ACTIVE_FRAME_CONTEXT

+0x000 Flags : Uint4B

+0x004 FrameName : Ptr32 Char
