标签:
@Windows XP Professional Service Pack 3 (x86) (5.1, Build 2600)
1 lkd> dt -b _LDR_DATA_TABLE_ENTRY
2 nt!_LDR_DATA_TABLE_ENTRY
3 +0x000 InLoadOrderLinks : _LIST_ENTRY
4 +0x000 Flink : Ptr32
5 +0x004 Blink : Ptr32
6 +0x008 InMemoryOrderLinks : _LIST_ENTRY
7 +0x000 Flink : Ptr32
8 +0x004 Blink : Ptr32
9 +0x010 InInitializationOrderLinks : _LIST_ENTRY
10 +0x000 Flink : Ptr32
11 +0x004 Blink : Ptr32
12 +0x018 DllBase : Ptr32
13 +0x01c EntryPoint : Ptr32
14 +0x020 SizeOfImage : Uint4B
15 +0x024 FullDllName : _UNICODE_STRING
16 +0x000 Length : Uint2B
17 +0x002 MaximumLength : Uint2B
18 +0x004 Buffer : Ptr32
19 +0x02c BaseDllName : _UNICODE_STRING
20 +0x000 Length : Uint2B
21 +0x002 MaximumLength : Uint2B
22 +0x004 Buffer : Ptr32
23 +0x034 Flags : Uint4B
24 +0x038 LoadCount : Uint2B
25 +0x03a TlsIndex : Uint2B
26 +0x03c HashLinks : _LIST_ENTRY
27 +0x000 Flink : Ptr32
28 +0x004 Blink : Ptr32
29 +0x03c SectionPointer : Ptr32
30 +0x040 CheckSum : Uint4B
31 +0x044 TimeDateStamp : Uint4B
32 +0x044 LoadedImports : Ptr32
33 +0x048 EntryPointActivationContext : Ptr32
34 +0x04c PatchInformation : Ptr32
@Windows 7 Ultimate (x64) (6.1, Build 7600)
1 lkd> dt -b _LDR_DATA_TABLE_ENTRY
2 nt!_LDR_DATA_TABLE_ENTRY
3 +0x000 InLoadOrderLinks : _LIST_ENTRY
4 +0x000 Flink : Ptr64
5 +0x008 Blink : Ptr64
6 +0x010 InMemoryOrderLinks : _LIST_ENTRY
7 +0x000 Flink : Ptr64
8 +0x008 Blink : Ptr64
9 +0x020 InInitializationOrderLinks : _LIST_ENTRY
10 +0x000 Flink : Ptr64
11 +0x008 Blink : Ptr64
12 +0x030 DllBase : Ptr64
13 +0x038 EntryPoint : Ptr64
14 +0x040 SizeOfImage : Uint4B
15 +0x048 FullDllName : _UNICODE_STRING
16 +0x000 Length : Uint2B
17 +0x002 MaximumLength : Uint2B
18 +0x008 Buffer : Ptr64
19 +0x058 BaseDllName : _UNICODE_STRING
20 +0x000 Length : Uint2B
21 +0x002 MaximumLength : Uint2B
22 +0x008 Buffer : Ptr64
23 +0x068 Flags : Uint4B
24 +0x06c LoadCount : Uint2B
25 +0x06e TlsIndex : Uint2B
26 +0x070 HashLinks : _LIST_ENTRY
27 +0x000 Flink : Ptr64
28 +0x008 Blink : Ptr64
29 +0x070 SectionPointer : Ptr64
30 +0x078 CheckSum : Uint4B
31 +0x080 TimeDateStamp : Uint4B
32 +0x080 LoadedImports : Ptr64
33 +0x088 EntryPointActivationContext : Ptr64
34 +0x090 PatchInformation : Ptr64
35 +0x098 ForwarderLinks : _LIST_ENTRY
36 +0x000 Flink : Ptr64
37 +0x008 Blink : Ptr64
38 +0x0a8 ServiceTagLinks : _LIST_ENTRY
39 +0x000 Flink : Ptr64
40 +0x008 Blink : Ptr64
41 +0x0b8 StaticLinks : _LIST_ENTRY
42 +0x000 Flink : Ptr64
43 +0x008 Blink : Ptr64
44 +0x0c8 ContextInformation : Ptr64
45 +0x0d0 OriginalBase : Uint8B
46 +0x0d8 LoadTime : _LARGE_INTEGER
47 +0x000 LowPart : Uint4B
48 +0x004 HighPart : Int4B
49 +0x000 u : <unnamed-tag>
50 +0x000 LowPart : Uint4B
51 +0x004 HighPart : Int4B
52 +0x000 QuadPart : Int8B
C++ Code
typedef struct _LDR_DATA_TABLE_ENTRY { // Start from Windows XP LIST_ENTRY InLoadOrderLinks; LIST_ENTRY InMemoryOrderLinks; LIST_ENTRY InInitializationOrderLinks; PVOID DllBase; PVOID EntryPoint; ULONG SizeOfImage; UNICODE_STRING FullDllName; UNICODE_STRING BaseDllName; ULONG Flags; USHORT LoadCount; USHORT TlsIndex; union { LIST_ENTRY HashLinks; struct { PVOID SectionPointer; ULONG CheckSum; }; }; union { ULONG TimeDateStamp; PVOID LoadedImports; }; PVOID EntryPointActivationContext; //_ACTIVATION_CONTEXT * PVOID PatchInformation; // Start from Windows Vista LIST_ENTRY ForwarderLinks; LIST_ENTRY ServiceTagLinks; LIST_ENTRY StaticLinks; PVOID ContextInformation; PVOID OriginalBase; LARGE_INTEGER LoadTime; } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
[驱动开发] struct _LDR_DATA_TABLE_ENTRY
标签:
原文地址:http://www.cnblogs.com/catchyrime/p/4222292.html
