📄 parsecrash420.pl
0x15 SH_SHELL0x16 SH_DEVMGR_APIS0x17 SH_TAPI0x18 SH_PATCHER0x1a SH_SERVICES!e32infotypes0x00 EXP // Export Directory0x01 IMP // Import Directory0x02 RES // Resource Directory0x03 EXC // Exception Directory0x04 SEC // Certificates Directory0x05 FIX // Base Relocation Directory0x06 DEB // Debug Directory0x07 IMD // Architecture Directory0x08 MSP // Global Pointer Directory0x09 TLS // Thread Storage Directory0x0a CBK // Load Configuration Directory0x0b RS1 // Bound Import Directory0x0c RS2 // Import Address Table Directory0x0d RS3 // Delay Import Directory0x0e RS4 // COM Descriptor Directory0x0f RS5 // Reserved Directory!file_device_types0x0001 FILE_DEVICE_BEEP 0x0002 FILE_DEVICE_CD_ROM 0x0003 FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x0004 FILE_DEVICE_CONTROLLER 0x0005 FILE_DEVICE_DATALINK 0x0006 FILE_DEVICE_DFS 0x0007 FILE_DEVICE_DISK 0x0008 FILE_DEVICE_DISK_FILE_SYSTEM 0x0009 FILE_DEVICE_FILE_SYSTEM 0x000a FILE_DEVICE_INPORT_PORT 0x000b FILE_DEVICE_KEYBOARD 0x000c FILE_DEVICE_MAILSLOT 0x000d FILE_DEVICE_MIDI_IN 0x000e FILE_DEVICE_MIDI_OUT 0x000f FILE_DEVICE_MOUSE 0x0010 FILE_DEVICE_MULTI_UNC_PROVIDER 0x0011 FILE_DEVICE_NAMED_PIPE 0x0012 FILE_DEVICE_NETWORK 0x0013 FILE_DEVICE_NETWORK_BROWSER 0x0014 FILE_DEVICE_NETWORK_FILE_SYSTEM 0x0015 FILE_DEVICE_NULL 0x0016 FILE_DEVICE_PARALLEL_PORT 0x0017 FILE_DEVICE_PHYSICAL_NETCARD 0x0018 FILE_DEVICE_PRINTER 0x0019 FILE_DEVICE_SCANNER 0x001a FILE_DEVICE_SERIAL_MOUSE_PORT 0x001b FILE_DEVICE_SERIAL_PORT 0x001c FILE_DEVICE_SCREEN 0x001d FILE_DEVICE_SOUND 0x001e FILE_DEVICE_STREAMS 0x001f FILE_DEVICE_TAPE 0x0020 FILE_DEVICE_TAPE_FILE_SYSTEM 0x0021 FILE_DEVICE_TRANSPORT 0x0022 FILE_DEVICE_UNKNOWN 0x0023 FILE_DEVICE_VIDEO 0x0024 FILE_DEVICE_VIRTUAL_DISK 0x0025 FILE_DEVICE_WAVE_IN 0x0026 FILE_DEVICE_WAVE_OUT 0x0027 FILE_DEVICE_8042_PORT 0x0028 FILE_DEVICE_NETWORK_REDIRECTOR 0x0029 FILE_DEVICE_BATTERY 0x0029 FILE_DEVICE_PARTITION 0x002a FILE_DEVICE_BUS_EXTENDER 0x002b FILE_DEVICE_MODEM 0x002c FILE_DEVICE_VDM 0x002d FILE_DEVICE_MASS_STORAGE 
0x002e FILE_DEVICE_SMB 0x002f FILE_DEVICE_KS 0x0030 FILE_DEVICE_CHANGER 0x0030 FILE_DEVICE_STORE 0x0031 FILE_DEVICE_SMARTCARD 0x0032 FILE_DEVICE_ACPI 0x0032 FILE_DEVICE_POWER 0x0033 FILE_DEVICE_DVD 0x0034 FILE_DEVICE_FULLSCREEN_VIDEO 0x0035 FILE_DEVICE_DFS_FILE_SYSTEM 0x0036 FILE_DEVICE_DFS_VOLUME 0x0101 FILE_DEVICE_HAL 0x0102 FILE_DEVICE_CONSOLE 0x0103 FILE_DEVICE_PSL 0x0104 FILE_DEVICE_SERVICE !struct FILETIME0x00 DWORD ftLow0x04 DWORD ftHigh!struct wstr0x00 wchar@260 str!struct CPUCONTEXT0x0000 DWORD Psr0x0004 DWORD reg_R00x0008 DWORD reg_R10x000c DWORD reg_R20x0010 DWORD reg_R30x0014 DWORD reg_R40x0018 DWORD reg_R50x001c DWORD reg_R60x0020 DWORD reg_R70x0024 DWORD reg_R80x0028 DWORD reg_R90x002c DWORD reg_R100x0030 DWORD reg_R110x0034 DWORD reg_R120x0038 DWORD reg_Sp0x003c DWORD reg_Lr0x0040 DWORD reg_Pc0x0044 DWORD Fpscr0x0048 DWORD FpExc0x004c DWORD@33 S0x00d0 DWORD@8 FpExtra!struct CALLSTACK0x0000 *CALLSTACK pcstkNext0x0004 DWORD retAddr /* return address */0x0008 *PROCESS pprcLast /* previous process */0x000c DWORD akyLast /* previous access key */0x0010 DWORD extra /* extra CPU dependent data */0x0014 DWORD dwPrevSP /* SP of caller */0x0018 DWORD dwPrcInfo /* information about the caller (mode, callback?, etc) */!struct THREAD0x0000 WORD wInfo; /* 00: various info about thread, see above */0x0002 BYTE bSuspendCnt; /* 02: thread suspend count */0x0003 BYTE bWaitState; /* 03: state of waiting loop */0x0004 *PROXY pProxList; /* 04: list of proxies to threads blocked on this thread */0x0008 *THREAD pNextInProc; /* 08: next thread in this process */0x000c *PROCESS pProc; /* 0C: pointer to current process */0x0010 *PROCESS pOwnerProc; /* 10: pointer to owner process */0x0014 DWORD aky; /* 14: keys used by thread to access memory & handles */0x0018 *CALLSTACK pcstkTop; /* 18: current api call info */0x001c DWORD dwOrigBase; /* 1C: Original stack base */0x0020 DWORD dwOrigStkSize; /* 20: Size of the original thread stack */0x0024 *DWORD tlsPtr; /* 24: tls pointer 
*/0x0028 DWORD dwWakeupTime; /* 28: sleep count, also pending sleepcnt on waitmult */0x002c *DWORD tlsSecure; /* 2c: TLS for secure stack */0x0030 *DWORD tlsNonSecure; /* 30: TLS for non-secure stack */0x0034 *PROXY lpProxy; /* 34: first proxy this thread is blocked on */0x0038 DWORD dwLastError; /* 38: last error */0x003c DWORD hTh; /* 3C: Handle to this thread, needed by NextThread */0x0040 BYTE bBPrio; /* 40: base priority */0x0041 BYTE bCPrio; /* 41: curr priority */0x0042 WORD wCount; /* 42: nonce for blocking lists */0x0044 *THREAD pPrevInProc; /* 44: previous thread in this process */0x0048 DWORD pThrdDbg; /* 48: pointer to thread debug structure, if any */0x004c DWORD pSwapStack; /* 4c */0x0050 DWORD ftCreate_dwLowDateTime; /* 50: time thread is created */0x0054 DWORD ftCreate_dwHighDateTime; 0x0058 DWORD lpce; /* 58: cleanevent for unqueueing blocking lists */ - used to be 'CLEANEVENT'0x005c DWORD dwStartAddr; /* 5c: thread PC at creation, used to get thread name */0x0060 CPUCONTEXT ctx; /* 60: thread's cpu context information */0x0150 *THREAD pNextSleepRun; /* ??: next sleeping thread, if sleeping, else next on runq if runnable */0x0154 *THREAD pPrevSleepRun; /* ??: back pointer if sleeping or runnable */0x0158 *THREAD pUpRun; /* ??: up run pointer (circulaar) */0x015c *THREAD pDownRun; /* ??: down run pointer (circular) */0x0160 *THREAD pUpSleep; /* ??: up sleep pointer (null terminated) */0x0164 *THREAD pDownSleep; /* ??: down sleep pointer (null terminated) */0x0168 DWORD pOwnedList; /* ??: list of crits and mutexes for priority inversion */0x016c DWORD@32 pOwnedHash; 0x01ec DWORD dwQuantum; /* ??: thread quantum */0x01f0 DWORD dwQuantLeft; /* ??: quantum left */0x01f4 *PROXY lpCritProxy; /* ??: proxy from last critical section block, in case stolen back */0x01f8 *PROXY lpPendProxy; /* ??: pending proxies for queueing */0x01fc DWORD dwPendReturn; /* ??: return value from pended wait */0x0200 DWORD dwPendTime; /* ??: timeout value of wait operation 
*/0x0204 *THREAD pCrabPth; 0x0208 WORD wCrabCount; 0x020a WORD wCrabDir; 0x020c DWORD dwPendWakeup; /* ??: pending timeout */0x0210 WORD wCount2; /* ??: nonce for SleepList */0x0212 BYTE bPendSusp; /* ??: pending suspend count */0x0213 BYTE bDbgCnt; /* ??: recurse level in debug message */0x0214 DWORD hLastCrit; /* ??: Last crit taken, cleared by nextthread */0x0218 CALLSTACK IntrStk; 0x0234 DWORD dwKernTime; /* ??: elapsed kernel time */0x0238 DWORD dwUserTime; /* ??: elapsed user time */!struct openexe_t0x00 DWORD handle // object store handle0x04 BYTE filetype0x05 BYTE bIsOID0x06 WORD pagemode0x08 DWORD offset0x0c *Name name!struct info0x00 DWORD rva /* Virtual relative address of info */0x04 DWORD size /* Size of information block */!struct e32_lite0x00 WORD e32_objcnt /* Number of memory objects */0x02 BYTE e32_cevermajor /* version of CE built for */0x03 BYTE e32_ceverminor /* version of CE built for */0x04 DWORD e32_stackmax /* Maximum stack size */0x08 DWORD e32_vbase /* Virtual base address of module */0x0c DWORD e32_vsize /* Virtual size of the entire image */0x10 DWORD e32_sect14rva /* section 14 rva */0x14 DWORD e32_sect14size /* section 14 size */# wce5: DWORD e32_timestamp; /* Time EXE/DLL was created/modified */0x18 info@6 e32_unit /* Array of extra info units */# wce5: @7 ( including DEB section )!struct o32_lite0x00 DWORD o32_vsize0x04 DWORD o32_rva0x08 DWORD o32_realaddr0x0c DWORD o32_access0x10 DWORD o32_flags0x14 DWORD o32_psize0x18 DWORD o32_dataptr!struct PGPOOL_Q0x00 WORD idxHead; /* head of the queue */0x02 WORD idxTail; /* tail of the queue */!struct PROCESS0x00 BYTE procnum /* 00: ID of this process [ie: it's slot number] */0x01 BYTE DbgActive /* 01: ID of process currently DebugActiveProcess'ing this process */0x02 BYTE bChainDebug /* 02: Did the creator want to debug child processes? 
*/0x03 BYTE bTrustLevel /* 03: level of trust of this exe */0x04 *PROXY pProxList /* 04: list of proxies to threads blocked on this process */0x08 DWORD hProc /* 08: handle for this process, needed only for SC_GetProcFromPtr */0x0c DWORD dwVMBase /* 0C: base of process's memory section, or 0 if not in use */0x10 *THREAD pTh /* 10: first thread in this process */0x14 DWORD aky /* 14: default address space key for process's threads */0x18 DWORD BasePtr /* 18: Base pointer of exe load */0x1c DWORD hDbgrThrd /* 1C: handle of thread debugging this process, if any */0x20 *wstr lpszProcName /* 20: name of process */0x24 DWORD tlsLowUsed /* 24: TLS in use bitmask (first 32 slots) */0x28 DWORD tlsHighUsed /* 28: TLS in use bitmask (second 32 slots) */0x2c DWORD pfnEH /* 2C: process exception handler */0x30 DWORD ZonePtr /* 30: Debug zone pointer */0x34 *THREAD pMainTh /* 34 primary thread in this process*/0x38 *Module pmodResource /* 38: module that contains the resources */0x3c *Name@3 pStdNames /* 3C: Pointer to names for stdio */0x48 *wstr pcmdline /* 48: Pointer to command line */0x4c DWORD dwDyingThreads /* 4C: number of pending dying threads */0x50 openexe_t oe /* 50: Pointer to executable file handle */0x60 e32_lite e32 /* ??: structure containing exe header */0xa8 *o32_lite o32_ptr /* ??: o32 array pointer for exe */0xac DWORD pExtPdata /* ??: extend pdata */0xb0 BYTE bPrio /* ??: highest priority of all threads of the process */0xb1 BYTE fNoDebug /* ??: this process cannot be debugged */0xb2 WORD wPad /* padding */0xb4 PGPOOL_Q pgqueue /* ??: list of the page owned by the process */!struct CINFO0x00 char@4 acName /* 00: object type ID string */0x04 BYTE disp /* 04: type of dispatch */0x05 BYTE type /* 05: api handle type */0x06 WORD cMethods /* 06: # of methods in dispatch table */0x08 DWORD ppfnMethods /* 08: ptr to array of methods (in server address space) */0x0c DWORD pdwSig /* 0C: ptr to array of method signatures */0x10 *PROCESS pServer /* 10: ptr to server 
process */!struct HDATA0x00 DWORD fwd /* 00: links for active handle list */0x04 DWORD back0x08 DWORD hValue /* 08: Current value of handle (nonce) */0x0c DWORD lock /* 0C: access information */0x10 DWORD ref /* 10: reference information */0x14 *CINFO pci /* 14: ptr to object class description structure */0x18 DWORD pvObj /* 18: ptr to object */0x1c DWORD dwInfo /* 1C: extra handle info */!struct FFSDinfo0x00 *FFSDinfo next0x04 *FFSDinfo prev0x08 *FFSDinfo pPartition0x0c *FFSDinfo pFile10x10 *FFSDinfo pFile20x14 DWORD hProcess0x18 DWORD hFile0x1c *GTGTinfo pGtgtInfo // seems to be gtgt struct only in some cases.0x20 wchar@8 name!struct GTGTinfo0x00 DWORD magic0x04 DWORD dw10x08 *GDGDinfo pdgdginfo0x0c *wstr pWStrName0x10 *GTGTinfo pNext0x14 *GTGTinfo pPrev0x18 DWORD dw60x1c DWORD dw7!struct GDGDinfo 0x00 DWORD magic0x04 *wstr name0x08 *GTGTinfo pgtgt10x0c DWORD dw10x10 *GTGTinfo pgtgt20x14 DWORD dw20x18 DWORD dw30x1c DWORD dw4!struct fsopendev_t0x00 *fsopendev_t nextptr0x04 DWORD dwOpenData0x08 *fsdev_t lpDev0x0c *DWORD lpdwDevRefCnt0x10 DWORD dwOpenRefCnt0x14 DWORD KHandle0x18 DWORD hProc!struct fsdev_t0x00 *fsdev_t listnext0x04 *fsdev_t listprev0x08 DWORD index0x0c DWORD dwData0x10 DWORD dwLoadOrder0x14 DWORD fnInit0x18 DWORD fnDeinit0x1c DWORD fnOpen0x20 DWORD fnClose0x24 DWORD fnRead0x28 DWORD fnWrite0x2c DWORD fnSeek0x30 DWORD fnControl0x34 DWORD fnPowerup0x38 DWORD fnPowerdn0x3c DWORD hLib0x40 DWORD dwId0x44 DWORD PwrOn0x48 wchar@3 type0x4e WORD wFlags0x50 DWORD dwRefCnt!struct W32Hinfo0x00 DWORD w00x04 *W32Hinfo next0x08 DWORD w10x0c DWORD oid0x10 *GTGTinfo pgtgt0x14 DWORD w20x18 DWORD w30x1c DWORD w40x20 DWORD w5!struct BDEVinfo0x000 DWORD@11 dw10x02c wchar@256 name10x22c DWORD@13 dw20x260 wchar@28 name20x298 DWORD@2 dw3!struct STRGinfo