
📄 parsecrash420.pl

📁 dumprom source code, useful for learning how the dumprom.exe tool for WinCE works
0x15    SH_SHELL
0x16    SH_DEVMGR_APIS
0x17    SH_TAPI
0x18    SH_PATCHER
0x1a    SH_SERVICES


!e32infotypes
0x00  EXP                  // Export Directory
0x01  IMP                  // Import Directory
0x02  RES                  // Resource Directory
0x03  EXC                  // Exception Directory
0x04  SEC                  // Certificates Directory
0x05  FIX                  // Base Relocation Directory
0x06  DEB                  // Debug Directory
0x07  IMD                  // Architecture Directory
0x08  MSP                  // Global Pointer Directory
0x09  TLS                  // Thread Storage Directory
0x0a  CBK                  // Load Configuration Directory
0x0b  RS1                  // Bound Import Directory
0x0c  RS2                  // Import Address Table Directory
0x0d  RS3                  // Delay Import Directory
0x0e  RS4                  // COM Descriptor Directory
0x0f  RS5                  // Reserved Directory

!file_device_types
0x0001  FILE_DEVICE_BEEP                
0x0002  FILE_DEVICE_CD_ROM              
0x0003  FILE_DEVICE_CD_ROM_FILE_SYSTEM  
0x0004  FILE_DEVICE_CONTROLLER          
0x0005  FILE_DEVICE_DATALINK            
0x0006  FILE_DEVICE_DFS                 
0x0007  FILE_DEVICE_DISK                
0x0008  FILE_DEVICE_DISK_FILE_SYSTEM    
0x0009  FILE_DEVICE_FILE_SYSTEM         
0x000a  FILE_DEVICE_INPORT_PORT         
0x000b  FILE_DEVICE_KEYBOARD            
0x000c  FILE_DEVICE_MAILSLOT            
0x000d  FILE_DEVICE_MIDI_IN             
0x000e  FILE_DEVICE_MIDI_OUT            
0x000f  FILE_DEVICE_MOUSE               
0x0010  FILE_DEVICE_MULTI_UNC_PROVIDER  
0x0011  FILE_DEVICE_NAMED_PIPE          
0x0012  FILE_DEVICE_NETWORK             
0x0013  FILE_DEVICE_NETWORK_BROWSER     
0x0014  FILE_DEVICE_NETWORK_FILE_SYSTEM 
0x0015  FILE_DEVICE_NULL                
0x0016  FILE_DEVICE_PARALLEL_PORT       
0x0017  FILE_DEVICE_PHYSICAL_NETCARD    
0x0018  FILE_DEVICE_PRINTER             
0x0019  FILE_DEVICE_SCANNER             
0x001a  FILE_DEVICE_SERIAL_MOUSE_PORT   
0x001b  FILE_DEVICE_SERIAL_PORT         
0x001c  FILE_DEVICE_SCREEN              
0x001d  FILE_DEVICE_SOUND               
0x001e  FILE_DEVICE_STREAMS             
0x001f  FILE_DEVICE_TAPE                
0x0020  FILE_DEVICE_TAPE_FILE_SYSTEM    
0x0021  FILE_DEVICE_TRANSPORT           
0x0022  FILE_DEVICE_UNKNOWN             
0x0023  FILE_DEVICE_VIDEO               
0x0024  FILE_DEVICE_VIRTUAL_DISK        
0x0025  FILE_DEVICE_WAVE_IN             
0x0026  FILE_DEVICE_WAVE_OUT            
0x0027  FILE_DEVICE_8042_PORT           
0x0028  FILE_DEVICE_NETWORK_REDIRECTOR  
0x0029  FILE_DEVICE_BATTERY             
0x0029  FILE_DEVICE_PARTITION           
0x002a  FILE_DEVICE_BUS_EXTENDER        
0x002b  FILE_DEVICE_MODEM               
0x002c  FILE_DEVICE_VDM                 
0x002d  FILE_DEVICE_MASS_STORAGE        
0x002e  FILE_DEVICE_SMB                 
0x002f  FILE_DEVICE_KS                  
0x0030  FILE_DEVICE_CHANGER             
0x0030  FILE_DEVICE_STORE               
0x0031  FILE_DEVICE_SMARTCARD           
0x0032  FILE_DEVICE_ACPI                
0x0032  FILE_DEVICE_POWER               
0x0033  FILE_DEVICE_DVD                 
0x0034  FILE_DEVICE_FULLSCREEN_VIDEO    
0x0035  FILE_DEVICE_DFS_FILE_SYSTEM     
0x0036  FILE_DEVICE_DFS_VOLUME          
0x0101  FILE_DEVICE_HAL                 
0x0102  FILE_DEVICE_CONSOLE             
0x0103  FILE_DEVICE_PSL                 
0x0104  FILE_DEVICE_SERVICE             


!struct FILETIME
0x00 DWORD  ftLow
0x04 DWORD  ftHigh

!struct wstr
0x00 wchar@260  str

!struct CPUCONTEXT
0x0000 DWORD Psr
0x0004 DWORD reg_R0
0x0008 DWORD reg_R1
0x000c DWORD reg_R2
0x0010 DWORD reg_R3
0x0014 DWORD reg_R4
0x0018 DWORD reg_R5
0x001c DWORD reg_R6
0x0020 DWORD reg_R7
0x0024 DWORD reg_R8
0x0028 DWORD reg_R9
0x002c DWORD reg_R10
0x0030 DWORD reg_R11
0x0034 DWORD reg_R12
0x0038 DWORD reg_Sp
0x003c DWORD reg_Lr
0x0040 DWORD reg_Pc
0x0044 DWORD Fpscr
0x0048 DWORD FpExc
0x004c DWORD@33 S
0x00d0 DWORD@8  FpExtra

!struct CALLSTACK
0x0000 *CALLSTACK pcstkNext
0x0004 DWORD retAddr        /* return address */
0x0008 *PROCESS pprcLast    /* previous process */
0x000c DWORD akyLast        /* previous access key */
0x0010 DWORD extra          /* extra CPU dependent data */
0x0014 DWORD dwPrevSP       /* SP of caller */
0x0018 DWORD dwPrcInfo      /* information about the caller (mode, callback?, etc) */


!struct THREAD
0x0000 WORD wInfo;                      /* 00: various info about thread, see above */
0x0002 BYTE bSuspendCnt;                /* 02: thread suspend count */
0x0003 BYTE bWaitState;                 /* 03: state of waiting loop */
0x0004 *PROXY pProxList;                /* 04: list of proxies to threads blocked on this thread */
0x0008 *THREAD pNextInProc;             /* 08: next thread in this process */
0x000c *PROCESS pProc;                  /* 0C: pointer to current process */
0x0010 *PROCESS pOwnerProc;             /* 10: pointer to owner process */
0x0014 DWORD aky;                       /* 14: keys used by thread to access memory & handles */
0x0018 *CALLSTACK pcstkTop;             /* 18: current api call info */
0x001c DWORD dwOrigBase;                /* 1C: Original stack base */
0x0020 DWORD dwOrigStkSize;             /* 20: Size of the original thread stack */
0x0024 *DWORD tlsPtr;                   /* 24: tls pointer */
0x0028 DWORD dwWakeupTime;              /* 28: sleep count, also pending sleepcnt on waitmult */
0x002c *DWORD tlsSecure;                /* 2c: TLS for secure stack */
0x0030 *DWORD tlsNonSecure;             /* 30: TLS for non-secure stack */
0x0034 *PROXY lpProxy;                  /* 34: first proxy this thread is blocked on */
0x0038 DWORD dwLastError;               /* 38: last error */
0x003c DWORD hTh;                       /* 3C: Handle to this thread, needed by NextThread */
0x0040 BYTE bBPrio;                     /* 40: base priority */
0x0041 BYTE bCPrio;                     /* 41: curr priority */
0x0042 WORD wCount;                     /* 42: nonce for blocking lists */
0x0044 *THREAD pPrevInProc;             /* 44: previous thread in this process */
0x0048 DWORD pThrdDbg;                  /* 48: pointer to thread debug structure, if any */
0x004c DWORD pSwapStack;                /* 4c */
0x0050 DWORD ftCreate_dwLowDateTime;    /* 50: time thread is created */
0x0054 DWORD ftCreate_dwHighDateTime;    
0x0058 DWORD lpce;                      /* 58: cleanevent for unqueueing blocking lists */ - used to be 'CLEANEVENT'
0x005c DWORD dwStartAddr;               /* 5c: thread PC at creation, used to get thread name */
0x0060 CPUCONTEXT ctx;                  /* 60: thread's cpu context information */
0x0150 *THREAD pNextSleepRun;           /* ??: next sleeping thread, if sleeping, else next on runq if runnable */
0x0154 *THREAD pPrevSleepRun;           /* ??: back pointer if sleeping or runnable */
0x0158 *THREAD pUpRun;                  /* ??: up run pointer (circular) */
0x015c *THREAD pDownRun;                /* ??: down run pointer (circular) */
0x0160 *THREAD pUpSleep;                /* ??: up sleep pointer (null terminated) */
0x0164 *THREAD pDownSleep;              /* ??: down sleep pointer (null terminated) */
0x0168 DWORD pOwnedList;                /* ??: list of crits and mutexes for priority inversion */
0x016c DWORD@32 pOwnedHash;                                                                                             
0x01ec DWORD dwQuantum;                 /* ??: thread quantum */
0x01f0 DWORD dwQuantLeft;               /* ??: quantum left */
0x01f4 *PROXY lpCritProxy;              /* ??: proxy from last critical section block, in case stolen back */
0x01f8 *PROXY lpPendProxy;              /* ??: pending proxies for queueing */
0x01fc DWORD dwPendReturn;              /* ??: return value from pended wait */
0x0200 DWORD dwPendTime;                /* ??: timeout value of wait operation */
0x0204 *THREAD pCrabPth;                                                                                              
0x0208 WORD wCrabCount;                                                                                               
0x020a WORD wCrabDir;                                                                                                 
0x020c DWORD dwPendWakeup;              /* ??: pending timeout */
0x0210 WORD wCount2;                    /* ??: nonce for SleepList */
0x0212 BYTE bPendSusp;                  /* ??: pending suspend count */
0x0213 BYTE bDbgCnt;                    /* ??: recurse level in debug message */
0x0214 DWORD hLastCrit;                 /* ??: Last crit taken, cleared by nextthread */
0x0218 CALLSTACK IntrStk;                                                                                             
0x0234 DWORD dwKernTime;                /* ??: elapsed kernel time */
0x0238 DWORD dwUserTime;                /* ??: elapsed user time */

!struct openexe_t
0x00 DWORD handle            // object store handle
0x04 BYTE filetype
0x05 BYTE bIsOID
0x06 WORD pagemode
0x08 DWORD offset
0x0c *Name name

!struct info
0x00 DWORD rva             /* Virtual relative address of info    */
0x04 DWORD size            /* Size of information block           */

!struct e32_lite
0x00 WORD e32_objcnt       /* Number of memory objects            */
0x02 BYTE e32_cevermajor   /* version of CE built for             */
0x03 BYTE e32_ceverminor   /* version of CE built for             */
0x04 DWORD e32_stackmax    /* Maximum stack size                  */
0x08 DWORD e32_vbase       /* Virtual base address of module      */
0x0c DWORD e32_vsize       /* Virtual size of the entire image    */
0x10 DWORD e32_sect14rva   /* section 14 rva */
0x14 DWORD e32_sect14size  /* section 14 size */
# wce5: DWORD e32_timestamp;  /* Time EXE/DLL was created/modified   */
0x18 info@6 e32_unit       /* Array of extra info units     */
# wce5:  @7  ( including DEB section )

!struct o32_lite
0x00 DWORD o32_vsize
0x04 DWORD o32_rva
0x08 DWORD o32_realaddr
0x0c DWORD o32_access
0x10 DWORD o32_flags
0x14 DWORD o32_psize
0x18 DWORD o32_dataptr

!struct PGPOOL_Q
0x00 WORD idxHead;    /* head of the queue */
0x02 WORD idxTail;    /* tail of the queue */

!struct PROCESS
0x00 BYTE procnum                /* 00: ID of this process [ie: its slot number] */
0x01 BYTE DbgActive              /* 01: ID of process currently DebugActiveProcess'ing this process */
0x02 BYTE bChainDebug            /* 02: Did the creator want to debug child processes? */
0x03 BYTE bTrustLevel            /* 03: level of trust of this exe */
0x04 *PROXY pProxList            /* 04: list of proxies to threads blocked on this process */
0x08 DWORD hProc                 /* 08: handle for this process, needed only for SC_GetProcFromPtr */
0x0c DWORD dwVMBase              /* 0C: base of process's memory section, or 0 if not in use */
0x10 *THREAD pTh                 /* 10: first thread in this process */
0x14 DWORD aky                   /* 14: default address space key for process's threads */
0x18 DWORD BasePtr               /* 18: Base pointer of exe load */
0x1c DWORD hDbgrThrd             /* 1C: handle of thread debugging this process, if any */
0x20 *wstr lpszProcName          /* 20: name of process */
0x24 DWORD tlsLowUsed            /* 24: TLS in use bitmask (first 32 slots) */
0x28 DWORD tlsHighUsed           /* 28: TLS in use bitmask (second 32 slots) */
0x2c DWORD pfnEH                 /* 2C: process exception handler */
0x30 DWORD ZonePtr               /* 30: Debug zone pointer */
0x34 *THREAD pMainTh             /* 34  primary thread in this process*/
0x38 *Module pmodResource        /* 38: module that contains the resources */
0x3c *Name@3 pStdNames           /* 3C: Pointer to names for stdio */
0x48 *wstr pcmdline              /* 48: Pointer to command line */
0x4c DWORD dwDyingThreads        /* 4C: number of pending dying threads */
0x50 openexe_t oe                /* 50: Pointer to executable file handle */
0x60 e32_lite e32                /* ??: structure containing exe header */
0xa8 *o32_lite o32_ptr           /* ??: o32 array pointer for exe */
0xac DWORD pExtPdata             /* ??: extend pdata */
0xb0 BYTE bPrio                  /* ??: highest priority of all threads of the process */
0xb1 BYTE fNoDebug               /* ??: this process cannot be debugged */
0xb2 WORD wPad                   /* padding */
0xb4 PGPOOL_Q  pgqueue           /* ??: list of the page owned by the process */

!struct CINFO
0x00 char@4 acName       /* 00: object type ID string */
0x04 BYTE disp           /* 04: type of dispatch */
0x05 BYTE type           /* 05: api handle type */
0x06 WORD cMethods       /* 06: # of methods in dispatch table */
0x08 DWORD ppfnMethods   /* 08: ptr to array of methods (in server address space) */
0x0c DWORD pdwSig        /* 0C: ptr to array of method signatures */
0x10 *PROCESS pServer    /* 10: ptr to server process */

!struct HDATA
0x00 DWORD fwd          /* 00: links for active handle list */
0x04 DWORD back
0x08 DWORD hValue       /* 08: Current value of handle (nonce) */
0x0c DWORD lock         /* 0C: access information */
0x10 DWORD ref          /* 10: reference information */
0x14 *CINFO pci         /* 14: ptr to object class description structure */
0x18 DWORD pvObj        /* 18: ptr to object */
0x1c DWORD dwInfo       /* 1C: extra handle info */

!struct FFSDinfo
0x00 *FFSDinfo next
0x04 *FFSDinfo prev
0x08 *FFSDinfo pPartition
0x0c *FFSDinfo pFile1
0x10 *FFSDinfo pFile2
0x14 DWORD hProcess
0x18 DWORD hFile
0x1c *GTGTinfo pGtgtInfo     // seems to be gtgt struct only in some cases.
0x20 wchar@8 name

!struct GTGTinfo
0x00 DWORD magic
0x04 DWORD dw1
0x08 *GDGDinfo pdgdginfo
0x0c *wstr pWStrName
0x10 *GTGTinfo pNext
0x14 *GTGTinfo pPrev
0x18 DWORD dw6
0x1c DWORD dw7

!struct GDGDinfo 
0x00 DWORD magic
0x04 *wstr name
0x08 *GTGTinfo pgtgt1
0x0c DWORD dw1
0x10 *GTGTinfo pgtgt2
0x14 DWORD dw2
0x18 DWORD dw3
0x1c DWORD dw4

!struct fsopendev_t
0x00 *fsopendev_t nextptr
0x04 DWORD dwOpenData
0x08 *fsdev_t lpDev
0x0c *DWORD lpdwDevRefCnt
0x10 DWORD dwOpenRefCnt
0x14 DWORD KHandle
0x18 DWORD hProc

!struct fsdev_t
0x00 *fsdev_t listnext
0x04 *fsdev_t listprev
0x08 DWORD index
0x0c DWORD dwData
0x10 DWORD dwLoadOrder
0x14 DWORD fnInit
0x18 DWORD fnDeinit
0x1c DWORD fnOpen
0x20 DWORD fnClose
0x24 DWORD fnRead
0x28 DWORD fnWrite
0x2c DWORD fnSeek
0x30 DWORD fnControl
0x34 DWORD fnPowerup
0x38 DWORD fnPowerdn
0x3c DWORD hLib
0x40 DWORD dwId
0x44 DWORD PwrOn
0x48 wchar@3 type
0x4e WORD wFlags
0x50 DWORD dwRefCnt

!struct W32Hinfo
0x00 DWORD w0
0x04 *W32Hinfo next
0x08 DWORD w1
0x0c DWORD oid
0x10 *GTGTinfo pgtgt
0x14 DWORD w2
0x18 DWORD w3
0x1c DWORD w4
0x20 DWORD w5

!struct BDEVinfo
0x000 DWORD@11 dw1
0x02c wchar@256 name1
0x22c DWORD@13 dw2
0x260 wchar@28 name2
0x298 DWORD@2 dw3

!struct STRGinfo
