首页 > 代码库 > [驱动开发] struct _LDR_DATA_TABLE_ENTRY
[驱动开发] struct _LDR_DATA_TABLE_ENTRY
@Windows XP Professional Service Pack 3 (x86) (5.1, Build 2600)
1 lkd> dt -b _LDR_DATA_TABLE_ENTRY 2 nt!_LDR_DATA_TABLE_ENTRY 3 +0x000 InLoadOrderLinks : _LIST_ENTRY 4 +0x000 Flink : Ptr32 5 +0x004 Blink : Ptr32 6 +0x008 InMemoryOrderLinks : _LIST_ENTRY 7 +0x000 Flink : Ptr32 8 +0x004 Blink : Ptr32 9 +0x010 InInitializationOrderLinks : _LIST_ENTRY10 +0x000 Flink : Ptr32 11 +0x004 Blink : Ptr32 12 +0x018 DllBase : Ptr32 13 +0x01c EntryPoint : Ptr32 14 +0x020 SizeOfImage : Uint4B15 +0x024 FullDllName : _UNICODE_STRING16 +0x000 Length : Uint2B17 +0x002 MaximumLength : Uint2B18 +0x004 Buffer : Ptr32 19 +0x02c BaseDllName : _UNICODE_STRING20 +0x000 Length : Uint2B21 +0x002 MaximumLength : Uint2B22 +0x004 Buffer : Ptr32 23 +0x034 Flags : Uint4B24 +0x038 LoadCount : Uint2B25 +0x03a TlsIndex : Uint2B26 +0x03c HashLinks : _LIST_ENTRY27 +0x000 Flink : Ptr32 28 +0x004 Blink : Ptr32 29 +0x03c SectionPointer : Ptr32 30 +0x040 CheckSum : Uint4B31 +0x044 TimeDateStamp : Uint4B32 +0x044 LoadedImports : Ptr32 33 +0x048 EntryPointActivationContext : Ptr32 34 +0x04c PatchInformation : Ptr32
@Windows 7 Ultimate (x64) (6.1, Build 7600)
1 lkd> dt -b _LDR_DATA_TABLE_ENTRY 2 nt!_LDR_DATA_TABLE_ENTRY 3 +0x000 InLoadOrderLinks : _LIST_ENTRY 4 +0x000 Flink : Ptr64 5 +0x008 Blink : Ptr64 6 +0x010 InMemoryOrderLinks : _LIST_ENTRY 7 +0x000 Flink : Ptr64 8 +0x008 Blink : Ptr64 9 +0x020 InInitializationOrderLinks : _LIST_ENTRY10 +0x000 Flink : Ptr64 11 +0x008 Blink : Ptr64 12 +0x030 DllBase : Ptr64 13 +0x038 EntryPoint : Ptr64 14 +0x040 SizeOfImage : Uint4B15 +0x048 FullDllName : _UNICODE_STRING16 +0x000 Length : Uint2B17 +0x002 MaximumLength : Uint2B18 +0x008 Buffer : Ptr64 19 +0x058 BaseDllName : _UNICODE_STRING20 +0x000 Length : Uint2B21 +0x002 MaximumLength : Uint2B22 +0x008 Buffer : Ptr64 23 +0x068 Flags : Uint4B24 +0x06c LoadCount : Uint2B25 +0x06e TlsIndex : Uint2B26 +0x070 HashLinks : _LIST_ENTRY27 +0x000 Flink : Ptr64 28 +0x008 Blink : Ptr64 29 +0x070 SectionPointer : Ptr64 30 +0x078 CheckSum : Uint4B31 +0x080 TimeDateStamp : Uint4B32 +0x080 LoadedImports : Ptr64 33 +0x088 EntryPointActivationContext : Ptr64 34 +0x090 PatchInformation : Ptr64 35 +0x098 ForwarderLinks : _LIST_ENTRY36 +0x000 Flink : Ptr64 37 +0x008 Blink : Ptr64 38 +0x0a8 ServiceTagLinks : _LIST_ENTRY39 +0x000 Flink : Ptr64 40 +0x008 Blink : Ptr64 41 +0x0b8 StaticLinks : _LIST_ENTRY42 +0x000 Flink : Ptr64 43 +0x008 Blink : Ptr64 44 +0x0c8 ContextInformation : Ptr64 45 +0x0d0 OriginalBase : Uint8B46 +0x0d8 LoadTime : _LARGE_INTEGER47 +0x000 LowPart : Uint4B48 +0x004 HighPart : Int4B49 +0x000 u : <unnamed-tag>50 +0x000 LowPart : Uint4B51 +0x004 HighPart : Int4B
52 +0x000 QuadPart : Int8B
C++ Code
typedef struct _LDR_DATA_TABLE_ENTRY { // Start from Windows XP LIST_ENTRY InLoadOrderLinks; LIST_ENTRY InMemoryOrderLinks; LIST_ENTRY InInitializationOrderLinks; PVOID DllBase; PVOID EntryPoint; ULONG SizeOfImage; UNICODE_STRING FullDllName; UNICODE_STRING BaseDllName; ULONG Flags; USHORT LoadCount; USHORT TlsIndex; union { LIST_ENTRY HashLinks; struct { PVOID SectionPointer; ULONG CheckSum; }; }; union { ULONG TimeDateStamp; PVOID LoadedImports; }; PVOID EntryPointActivationContext; //_ACTIVATION_CONTEXT * PVOID PatchInformation; // Start from Windows Vista LIST_ENTRY ForwarderLinks; LIST_ENTRY ServiceTagLinks; LIST_ENTRY StaticLinks; PVOID ContextInformation; PVOID OriginalBase; LARGE_INTEGER LoadTime;} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
[驱动开发] struct _LDR_DATA_TABLE_ENTRY
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。