From 1ba733e37b3e22c2d28ca9f9cf961c2d6768f14d Mon Sep 17 00:00:00 2001
From: vxunderground <57078196+vxunderground@users.noreply.github.com>
Date: Fri, 15 Jul 2022 09:14:56 -0500
Subject: [PATCH] Create TEB.h

---
 Structures/TEB.h | 159 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 159 insertions(+)
 create mode 100644 Structures/TEB.h

diff --git a/Structures/TEB.h b/Structures/TEB.h
new file mode 100644
index 0000000..95bb815
--- /dev/null
+++ b/Structures/TEB.h
@@ -0,0 +1,159 @@
+typedef struct _TEB
+{
+	NT_TIB				NtTib;
+	PVOID				EnvironmentPointer;
+	CLIENT_ID			ClientId;
+	PVOID				ActiveRpcHandle;
+	PVOID				ThreadLocalStoragePointer;
+	PPEB				ProcessEnvironmentBlock;
+	ULONG               LastErrorValue;
+	ULONG               CountOfOwnedCriticalSections;
+	PVOID				CsrClientThread;
+	PVOID				Win32ThreadInfo;
+	ULONG               User32Reserved[26];
+	ULONG               UserReserved[5];
+	PVOID				WOW32Reserved;
+	LCID                CurrentLocale;
+	ULONG               FpSoftwareStatusRegister;
+	PVOID				SystemReserved1[54];
+	LONG                ExceptionCode;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	PACTIVATION_CONTEXT_STACK* ActivationContextStackPointer;
+	UCHAR                  SpareBytes1[0x30 - 3 * sizeof(PVOID)];
+	ULONG                  TxFsContext;
+#elif (NTDDI_VERSION >= NTDDI_WS03)
+	PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
+	UCHAR                  SpareBytes1[0x34 - 3 * sizeof(PVOID)];
+#else
+	ACTIVATION_CONTEXT_STACK ActivationContextStack;
+	UCHAR                  SpareBytes1[24];
+#endif
+	GDI_TEB_BATCH			GdiTebBatch;
+	CLIENT_ID				RealClientId;
+	PVOID					GdiCachedProcessHandle;
+	ULONG                   GdiClientPID;
+	ULONG                   GdiClientTID;
+	PVOID					GdiThreadLocalInfo;
+	PSIZE_T					Win32ClientInfo[62];
+	PVOID					glDispatchTable[233];
+	PSIZE_T					glReserved1[29];
+	PVOID					glReserved2;
+	PVOID					glSectionInfo;
+	PVOID					glSection;
+	PVOID					glTable;
+	PVOID					glCurrentRC;
+	PVOID					glContext;
+	NTSTATUS                LastStatusValue;
+	UNICODE_STRING			StaticUnicodeString;
+	WCHAR                   StaticUnicodeBuffer[261];
+	PVOID					DeallocationStack;
+	PVOID					TlsSlots[64];
+	LIST_ENTRY				TlsLinks;
+	PVOID					Vdm;
+	PVOID					ReservedForNtRpc;
+	PVOID					DbgSsReserved[2];
+#if (NTDDI_VERSION >= NTDDI_WS03)
+	ULONG                   HardErrorMode;
+#else
+	ULONG                  HardErrorsAreDisabled;
+#endif
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	PVOID					Instrumentation[13 - sizeof(GUID) / sizeof(PVOID)];
+	GUID                    ActivityId;
+	PVOID					SubProcessTag;
+	PVOID					EtwLocalData;
+	PVOID					EtwTraceData;
+#elif (NTDDI_VERSION >= NTDDI_WS03)
+	PVOID					Instrumentation[14];
+	PVOID					SubProcessTag;
+	PVOID					EtwLocalData;
+#else
+	PVOID					Instrumentation[16];
+#endif
+	PVOID					WinSockData;
+	ULONG					GdiBatchCount;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	BOOLEAN                SpareBool0;
+	BOOLEAN                SpareBool1;
+	BOOLEAN                SpareBool2;
+#else
+	BOOLEAN                InDbgPrint;
+	BOOLEAN                FreeStackOnTermination;
+	BOOLEAN                HasFiberData;
+#endif
+	UCHAR                  IdealProcessor;
+#if (NTDDI_VERSION >= NTDDI_WS03)
+	ULONG                  GuaranteedStackBytes;
+#else
+	ULONG                  Spare3;
+#endif
+	PVOID				   ReservedForPerf;
+	PVOID				   ReservedForOle;
+	ULONG                  WaitingOnLoaderLock;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	PVOID				   SavedPriorityState;
+	ULONG_PTR			   SoftPatchPtr1;
+	ULONG_PTR			   ThreadPoolData;
+#elif (NTDDI_VERSION >= NTDDI_WS03)
+	ULONG_PTR			   SparePointer1;
+	ULONG_PTR              SoftPatchPtr1;
+	ULONG_PTR              SoftPatchPtr2;
+#else
+	Wx86ThreadState        Wx86Thread;
+#endif
+	PVOID* TlsExpansionSlots;
+#if defined(_WIN64) && !defined(EXPLICIT_32BIT)
+	PVOID                  DeallocationBStore;
+	PVOID                  BStoreLimit;
+#endif
+	ULONG                  ImpersonationLocale;
+	ULONG                  IsImpersonating;
+	PVOID                  NlsCache;
+	PVOID                  pShimData;
+	ULONG                  HeapVirtualAffinity;
+	HANDLE                 CurrentTransactionHandle;
+	PTEB_ACTIVE_FRAME      ActiveFrame;
+#if (NTDDI_VERSION >= NTDDI_WS03)
+	PVOID FlsData;
+#endif
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	PVOID PreferredLangauges;
+	PVOID UserPrefLanguages;
+	PVOID MergedPrefLanguages;
+	ULONG MuiImpersonation;
+	union
+	{
+		struct
+		{
+			USHORT SpareCrossTebFlags : 16;
+		};
+		USHORT CrossTebFlags;
+	};
+	union
+	{
+		struct
+		{
+			USHORT DbgSafeThunkCall : 1;
+			USHORT DbgInDebugPrint : 1;
+			USHORT DbgHasFiberData : 1;
+			USHORT DbgSkipThreadAttach : 1;
+			USHORT DbgWerInShipAssertCode : 1;
+			USHORT DbgIssuedInitialBp : 1;
+			USHORT DbgClonedThread : 1;
+			USHORT SpareSameTebBits : 9;
+		};
+		USHORT SameTebFlags;
+	};
+	PVOID TxnScopeEntercallback;
+	PVOID TxnScopeExitCAllback;
+	PVOID TxnScopeContext;
+	ULONG LockCount;
+	ULONG ProcessRundown;
+	ULONG64 LastSwitchTime;
+	ULONG64 TotalSwitchOutTime;
+	LARGE_INTEGER WaitReasonBitMap;
+#else
+	BOOLEAN SafeThunkCall;
+	BOOLEAN BooleanSpare[3];
+#endif
+} TEB, * PTEB;