Merge pull request #14 from ntoskrnl7/fix/peb-teb

Fix PEB, TEB
ntoskrnl7 · Aug 23, 2022 · 32f2abc · 32f2abc
2 parents 8883233 + eadb396
commit 32f2abc
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 3 deletions.
diff --git a/include/Ldk/peb.h b/include/Ldk/peb.h
@@ -3,8 +3,22 @@
 #ifndef _LDK_PEB_
 #define _LDK_PEB_
 
+#include <winnt.h>
+#include <minwindef.h>
+
+#define RTL_USER_PROC_SECURE_PROCESS            0x80000000
+
+typedef struct _RTL_USER_PROCESS_PARAMETERS {
+     ULONG MaximumLength;
+     ULONG Length;
+     ULONG Flags;
+} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
+
+#define FLG_APPLICATION_VERIFIER    			0x0100
+
 typedef struct _LDK_PEB {
 	ULONG NtGlobalFlag;
+	PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
 } LDK_PEB, *PLDK_PEB;
 
 #endif // _LDK_PEB_
diff --git a/include/Ldk/teb.h b/include/Ldk/teb.h
@@ -0,0 +1,12 @@
+#pragma once
+
+#ifndef _LDK_TEB_
+#define _LDK_TEB_
+
+#include "peb.h"
+
+typedef struct _LDK_TEB {
+	PLDK_PEB ProcessEnvironmentBlock;
+} LDK_TEB, *PLDK_TEB;
+
+#endif // _LDK_TEB_
diff --git a/src/peb.h b/src/peb.h
@@ -49,10 +49,11 @@ typedef struct _RTL_USER_PROCESS_PARAMETERS {
 typedef struct _LDK_PEB {
 
 	ULONG NtGlobalFlag;
+	PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
 
 	PVOID ImageBaseAddress;
 	SIZE_T ImageBaseSize;
-     
+
      // \??\X:\~~~
 	ANSI_STRING FullPathName;
 
@@ -61,8 +62,6 @@ typedef struct _LDK_PEB {
 
 	LARGE_INTEGER CriticalSectionTimeout;
 
-	PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
-
 	PDRIVER_OBJECT DriverObject;
 	UNICODE_STRING RegistryPath;
 

diff --git a/src/teb.c b/src/teb.c
@@ -46,6 +46,7 @@ LdkpCreateTeb (
 		ExFreeToNPagedLookasideList(&LdkpTebLookaside, Teb);
 		return NULL;
 	}
+	Teb->ProcessEnvironmentBlock = LdkCurrentPeb();
 	return Teb;
 }
 

diff --git a/src/teb.h b/src/teb.h
@@ -6,6 +6,8 @@
 
 typedef struct _LDK_TEB {
 
+	PLDK_PEB ProcessEnvironmentBlock;
+
 	EX_RUNDOWN_REF RundownProtect;
 
 	PETHREAD Thread;