📄 parsecrash420.pl
字号:
0x00 DWORD magic
0x04 *storageinfo pstorageinfo
0x08 *partitioninfo ppartitioninfo
0x0c DWORD@7 dw1
!struct partitioninfo
0x00 DWORD@8 dw
!struct storageinfo
0x0000 *somestoragestr somestring
0x0004 DWORD dw1a
0x0008 DWORD bdevhandle
0x000c wchar@16 devname
0x002c wchar@32 desc1
0x006c wchar@32 desc2
0x00ac wchar@260 partdll
0x02b4 wchar@260 profilekey
0x04bc wchar@260 fsname
0x06c4 DWORD@165 dw2
0x0958 wchar@32 desc3
0x0998 DWORD@29 dw3
0x0a0c wchar@260 driverkey
0x0c14 DWORD@11 dw4
!struct somestoragestr
0x00 DWORD codeptr
0x04 wchar@260 str
!struct FSMAP
0x00 DWORD hNext; /* Next map in list */
0x04 DWORD hFile; /* File, or INVALID_HANDLE_VALUE for just vm */
0x08 DWORD pBase; /* pointer to start of kernel mapped region */
0x0c DWORD pDirty; /* non-null if r/w real file, points to dirty bitmap */
0x10 DWORD length; /* length of mapped region */
0x14 DWORD filelen; /* length of file if hFile != INVALID_HANDLE_VALUE */
0x18 DWORD reslen; /* length of reservation */
0x1c *Name name; /* points to name of event */
0x20 *CLEANEVENT lpmlist; /* List of mappings */
0x24 DWORD dwDirty; /* Count of dirty pages */
0x28 BYTE bRestart; /* Has been flushed */
0x29 BYTE bNoAutoFlush; /* Disallow automatic flushing */
0x2a BYTE bDirectROM; /* File mapped directly from ROM */
0x2b BYTE bFlushFlags; /* Flush flags */
0x2c PGPOOL_Q pgqueue; /* list of the page owned by the mapfile */
!struct PROXY
0x00 DWORD pQPrev; /* Previous proxy for this object queue, must be first for ReQueueByPriority */
0x04 DWORD pQNext; /* Next proxy for this object queue */
0x08 DWORD pQUp;
0x0c DWORD pQDown;
0x10 DWORD pThLinkNext; /* Next proxy for this thread */
0x14 DWORD pObject; /* Pointer to object we're blocked on */
0x18 BYTE bType; /* Type of object we're blocked on */
0x19 BYTE prio; /* Current prio we're enqueued on */
0x1a WORD wCount; /* Count matching thread's wCount */
0x1c *THREAD pTh; /* Thread "owning" this proxy */
0x20 DWORD dwRetVal; /* Return value if this is why we wake up */
!struct Module
0x00 *Module lpSelf; /* Self pointer for validation */
0x04 *Module pMod; /* Next module in chain */
0x08 *wstr lpszModName; /* Module name */
0x0c DWORD inuse; /* Bit vector of use */
0x10 DWORD calledfunc; /* Called entry but not exit */
0x14 WORD@32 refcnt; /* Reference count per process*/
0x54 DWORD BasePtr; /* Base pointer of dll load (not 0 based) */
0x58 DWORD DbgFlags; /* Debug flags */
0x5c DWORD ZonePtr; /* Debug zone pointer */
0x60 DWORD startip; /* 0 based entrypoint */
0x64 openexe_t oe; /* Pointer to executable file handle */
0x74 e32_lite e32; /* E32 header */
0xbc *o32_lite o32_ptr; /* O32 chain ptr */
0xc0 DWORD dwNoNotify; /* 1 bit per process, set if notifications disabled */
0xc4 WORD wFlags;
0xc6 BYTE bTrustLevel;
0xc7 BYTE bPadding;
0xc8 *Module pmodResource; /* module that contains the resources */
0xcc DWORD rwLow; /* base address of RW section for ROM DLL */
0xd0 DWORD rwHigh; /* high address RW section for ROM DLL */
0xd4 PGPOOL_Q pgqueue; /* list of the page owned by the module */
!struct Name
0x00 WORD wPool
0x02 wchar@260 name
!struct MemoryInfo
0x00 DWORD pKData; /* start of kernel's data */
0x04 DWORD pKEnd; /* end of kernel's data & bss */
0x08 DWORD cFi; /* # of entries in free memory array */
0x0c *FreeInfo pFi; /* Pointer to cFi FREEINFO entries */
!struct FreeInfo
0x00 DWORD paStart; /* start of available region */
0x04 DWORD paEnd; /* end of region (last byte + 1) */
0x08 DWORD paRealEnd;
0x0c DWORD pUseMap; /* ptr to page usage count map */
!struct MemBlock
0x00 DWORD alk; /* 00: key code for this set of pages */
0x04 BYTE cUses; /* 04: # of page table entries sharing this leaf */
0x05 BYTE flags; /* 05: mapping flags */
0x06 WORD ixBase; /* 06: first block in region */
0x08 WORD hPf; /* 08: handle to pager */
0x0a WORD cLocks; /* 0a: lock count */
0x0c DWORD aPages; /* 0c: entrylo values */
!struct APISET
0x00 CINFO cinfo
0x14 DWORD iReg
!struct EVENT
0x00 DWORD hNext; /* Next event in list */
0x04 *PROXY pProxList;
0x08 *PROXY@32 pProxHash;
0x88 DWORD hPrev; /* previous event in list */
0x8c BYTE onequeue;
0x8d BYTE state; /* TRUE: signalled, FALSE: unsignalled */
0x8e BYTE manualreset; /* TRUE: manual reset, FALSE: autoreset */
0x8f BYTE bMaxPrio;
0x90 *Name name; /* points to name of event */
0x94 *PROXY pIntrProxy;
0x98 DWORD dwData; /* data associated with the event (CE extention) */
!struct MUTEX
0x00 DWORD hNext; /* Next mutex in list */
0x04 *PROXY pProxList;
0x08 *PROXY@32 pProxHash;
0x88 DWORD hPrev; /* previous mutex in list */
0x8c BYTE bListed;
0x8d BYTE bListedPrio;
0x8e WORD LockCount; /* current lock count */
0x90 DWORD pPrevOwned; /* Prev crit/mutex owned (for prio inversion) */ // was *MUTEX
0x94 DWORD pNextOwned; /* Next crit/mutex owned (for prio inversion) */ // was *MUTEX
0x98 DWORD pUpOwned; // was *MUTEX
0x9c DWORD pDownOwned; // was *MUTEX
0xa0 *THREAD pOwner; /* owner thread */
0xa4 *Name name; /* points to name of event */
!struct SEMAPHORE
0x00 DWORD hNext; /* Next semaphore in list */
0x04 *PROXY pProxList;
0x08 *PROXY@32 pProxHash;
0x88 DWORD hPrev; /* previous semaphore in list */
0x8c DWORD lCount; /* current count */
0x90 DWORD lMaxCount; /* Maximum count */
0x94 DWORD lPending; /* Pending count */
0x98 *Name name; /* points to name of event */
!struct DBInfo
0x00 *DBInfo next
0x04 DWORD hDatabase
0x08 DWORD dw1
0x0c DWORD dw2
0x10 *DBVolume pVolume
0x14 DWORD oid
0x18 DWORD@2 dw4
!struct DBVolume
0x00 *DBVolume next
0x04 DWORD dw1
0x08 DWORD dw2
0x0c DWORD dw3
0x10 wchar@260 path
!struct SocketInfo
0x00 DWORD@16 dw
!struct CLEANEVENT
0x00 *CLEANEVENT ceptr;
0x04 DWORD base;
0x08 DWORD size;
0x0c DWORD op;
!struct CRIT
0x00 *CRITICAL_SECTION lpcs; /* Pointer to critical_section structure */
0x04 *PROXY pProxList;
0x08 *PROXY@32 pProxHash;
0x88 *CRIT pPrev; /* previous event in list */
0x8c BYTE bListed; /* Is this on someone's owner list */
0x8d BYTE bListedPrio;
0x8e BYTE iOwnerProc; /* Index of owner process */
0x8f BYTE bPad;
0x90 DWORD pPrevOwned; /* Prev crit/mutex (for prio inversion) */ // was *CRIT
0x94 DWORD pNextOwned; /* Next crit/mutex section owned (for prio inversion) */ // was *CRIT
0x98 DWORD pUpOwned; // was *CRIT
0x9c DWORD pDownOwned; // was *CRIT
0xa0 *CRIT pNext; /* Next CRIT in list */
!struct CRITICAL_SECTION
0x00 DWORD LockCount; /* Nesting count on critical section */
0x04 DWORD OwnerThread; /* Handle of owner thread */
0x08 DWORD hCrit; /* Handle to this critical section */
0x0c DWORD needtrap; /* Trap in when freeing critical section */
0x10 DWORD dwContentions; /* Count of contentions */
!struct DWLIST
0x00 DWORD@8 dw
!struct ROMHDR
0x00 DWORD dllFirst
0x04 DWORD dllLast
0x08 DWORD physStart
0x0C DWORD physLast
0x10 DWORD nummods
0x14 DWORD ulRAMStart
0x18 DWORD ulRAMFree
0x1C DWORD ulRAMEnd
0x20 DWORD ulCopyEntries
0x24 DWORD ulCopyOffset
0x28 DWORD ulProfileLe
0x2C DWORD ulProfileOffset
0x30 DWORD numfiles
0x34 DWORD ulKernelFlags
0x38 DWORD ulFSRamPercent
0x3C DWORD ulDrivglobStart
0x40 DWORD ulDrivglobLen
0x44 WORD usCPUType
0x46 WORD usMiscFlags
0x48 DWORD pExtensions
0x4C DWORD ulTrackingStart
0x50 DWORD ulTrackingLen
!struct COPYentry
0x00 DWORD ulSource
0x04 DWORD ulDest
0x08 DWORD ulCopyLen
0x0C DWORD ulDestLen
!struct FILESentry
0x00 DWORD dwFileAttributes
0x04 FILETIME ftTime
0x0C DWORD nRealFileSize
0x10 DWORD nCompFileSize
0x14 *wstr lpszFileName
0x18 DWORD ulLoadOffset
!struct TOCentry
0x00 DWORD dwFileAttributes
0x04 FILETIME ftTime
0x0C DWORD nFileSize
0x10 *wstr lpszFileName
0x14 DWORD ulE32Offset
0x18 DWORD ulO32Offset
0x1C DWORD ulLoadOffset
!struct e32_rom
0x00 WORD e32_objcnt
0x02 WORD e32_imageflags
0x04 DWORD e32_entryrva
0x08 DWORD e32_vbase
0x0C WORD e32_subsysmajor
0x0E WORD e32_subsysminor
0x10 DWORD e32_stackmax
0x14 DWORD e32_vsize
0x18 DWORD e32_sect14rva
0x1C DWORD e32_sect14size
0x20 info@9 e32_unit
0x68 DWORD e32_subsys
!struct o32_rom
0x00 DWORD o32_vsize
0x04 DWORD o32_rva
0x08 DWORD o32_psize
0x0C DWORD o32_dataptr
0x10 DWORD o32_realaddr
0x14 DWORD o32_flags
!struct IMAGE_DEBUG_DIRECTORY
0x00 DWORD Characteristics
0x04 DWORD TimeDateStamp
0x08 WORD MajorVersion
0x0A WORD MinorVersion
0x0C DWORD Type
0x10 DWORD SizeOfData
0x14 DWORD AddressOfRawData
0x18 DWORD PointerToRawData
!struct IMAGE_DOS_HEADER
0x00 WORD e_magic /* Magic number */
0x02 WORD e_cblp /* Bytes on last page of file */
0x04 WORD e_cp /* Pages in file */
0x06 WORD e_crlc /* Relocations */
0x08 WORD e_cparhdr /* Size of header in paragraphs */
0x0a WORD e_minalloc /* Minimum extra paragraphs needed */
0x0c WORD e_maxalloc /* Maximum extra paragraphs needed */
0x0e WORD e_ss /* Initial (relative) SS value */
0x10 WORD e_sp /* Initial SP value */
0x12 WORD e_csum /* Checksum */
0x14 WORD e_ip /* Initial IP value */
0x16 WORD e_cs /* Initial (relative) CS value */
0x18 WORD e_lfarlc /* File address of relocation table */
0x1a WORD e_ovno /* Overlay number */
0x1c WORD@4 e_res /* Reserved words */
0x24 WORD e_oemid /* OEM identifier (for e_oeminfo) */
0x26 WORD e_oeminfo /* OEM information; e_oemid specific */
0x28 WORD@10 e_res2 /* Reserved words */
0x3c DWORD e_lfanew /* File address of new exe header */
!struct e32_exe
0x00 char@4 e32_magic /* Magic number E32_MAGIC */
0x04 WORD e32_cpu /* The CPU type */
0x06 WORD e32_objcnt /* Number of memory objects */
0x08 DWORD e32_timestamp /* Time EXE file was created/modified */
0x0c DWORD e32_symtaboff /* Offset to the symbol table */
0x10 DWORD e32_symcount /* Number of symbols */
0x14 WORD e32_opthdrsize /* Optional header size */
0x16 WORD e32_imageflags /* Image flags */
0x18 WORD e32_coffmagic /* Coff magic number (usually 0x10b) */
0x1a BYTE e32_linkmajor /* The linker major version number */
0x1b BYTE e32_linkminor /* The linker minor version number */
0x1c DWORD e32_codesize /* Sum of sizes of all code sections */
0x20 DWORD e32_initdsize /* Sum of all initialized data size */
0x24 DWORD e32_uninitdsize /* Sum of all uninitialized data size */
0x28 DWORD e32_entryrva /* Relative virt. addr. of entry point */
0x2c DWORD e32_codebase /* Address of beginning of code section*/
0x30 DWORD e32_database /* Address of beginning of data section*/
0x34 DWORD e32_vbase /* Virtual base address of module */
0x38 DWORD e32_objalign /* Object Virtual Address align. factor*/
0x3c DWORD e32_filealign /* Image page alignment/truncate factor*/
0x40 WORD e32_osmajor /* The operating system major ver. no. */
0x42 WORD e32_osminor /* The operating system minor ver. no. */
0x44 WORD e32_usermajor /* The user major version number */
0x46 WORD e32_userminor /* The user minor version number */
0x48 WORD e32_subsysmajor /* The subsystem major version number */
0x4a WORD e32_subsysminor /* The subsystem minor version number */
0x4c DWORD e32_res1 /* Reserved bytes - must be 0 */
0x50 DWORD e32_vsize /* Virtual size of the entire image */
0x54 DWORD e32_hdrsize /* Header information size */
0x58 DWORD e32_filechksum /* Checksum for entire file */
0x5c WORD e32_subsys /* The subsystem type */
0x5e WORD e32_dllflags /* DLL flags */
0x60 DWORD e32_stackmax /* Maximum stack size */
0x64 DWORD e32_stackinit /* Initial committed stack size */
0x68 DWORD e32_heapmax /* Maximum heap size */
0x6c DWORD e32_heapinit /* Initial committed heap size */
0x70 DWORD e32_res2 /* Reserved bytes - must be 0 */
0x74 DWORD e32_hdrextra /* Number of extra info units in header*/
0x78 info@16 e32_unit /* Array of extra info units */
!struct o32_obj
0x00 char@8 o32_name; /* Object name */
0x08 DWORD o32_vsize; /* Virtual memory size */
0x0c DWORD o32_rva; /* Object relative virtual address */
0x10 DWORD o32_psize; /* Physical file size of init. data */
0x14 DWORD o32_dataptr; /* Image pages offset */
0x18 DWORD o32_realaddr; /* pointer to actual */
0x1c DWORD o32_access; /* assigned access */
0x20 DWORD o32_temp3;
0x24 DWORD o32_flags; /* Attribute flags for the object */
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -