GetSystemWindowsDirectoryW
부모
b9d076a7b1
커밋
1d209b6793
|
@ -0,0 +1,81 @@
|
|||
typedef struct _KSYSTEM_TIME {
|
||||
UINT32 LowPart;
|
||||
INT32 High1Time;
|
||||
INT32 High2Time;
|
||||
} KSYSTEM_TIME, *PKSYSTEM_TIME;
|
||||
typedef enum _NT_PRODUCT_TYPE
|
||||
{
|
||||
NtProductWinNt = 1,
|
||||
NtProductLanManNt = 2,
|
||||
NtProductServer = 3
|
||||
} NT_PRODUCT_TYPE;
|
||||
typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
|
||||
{
|
||||
StandardDesign = 0,
|
||||
NEC98x86 = 1,
|
||||
EndAlternatives = 2
|
||||
} ALTERNATIVE_ARCHITECTURE_TYPE;
|
||||
typedef struct _KUSER_SHARED_DATA
|
||||
{
|
||||
ULONG TickCountLowDeprecated;
|
||||
ULONG TickCountMultiplier;
|
||||
KSYSTEM_TIME InterruptTime;
|
||||
KSYSTEM_TIME SystemTime;
|
||||
KSYSTEM_TIME TimeZoneBias;
|
||||
WORD ImageNumberLow;
|
||||
WORD ImageNumberHigh;
|
||||
WCHAR NtSystemRoot[260];
|
||||
ULONG MaxStackTraceDepth;
|
||||
ULONG CryptoExponent;
|
||||
ULONG TimeZoneId;
|
||||
ULONG LargePageMinimum;
|
||||
ULONG Reserved2[7];
|
||||
NT_PRODUCT_TYPE NtProductType;
|
||||
UCHAR ProductTypeIsValid;
|
||||
ULONG NtMajorVersion;
|
||||
ULONG NtMinorVersion;
|
||||
UCHAR ProcessorFeatures[64];
|
||||
ULONG Reserved1;
|
||||
ULONG Reserved3;
|
||||
ULONG TimeSlip;
|
||||
ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
|
||||
LARGE_INTEGER SystemExpirationDate;
|
||||
ULONG SuiteMask;
|
||||
UCHAR KdDebuggerEnabled;
|
||||
UCHAR NXSupportPolicy;
|
||||
ULONG ActiveConsoleId;
|
||||
ULONG DismountCount;
|
||||
ULONG ComPlusPackage;
|
||||
ULONG LastSystemRITEventTickCount;
|
||||
ULONG NumberOfPhysicalPages;
|
||||
UCHAR SafeBootMode;
|
||||
ULONG SharedDataFlags;
|
||||
ULONG DbgErrorPortPresent: 1;
|
||||
ULONG DbgElevationEnabled: 1;
|
||||
ULONG DbgVirtEnabled: 1;
|
||||
ULONG DbgInstallerDetectEnabled: 1;
|
||||
ULONG SystemDllRelocated: 1;
|
||||
ULONG SpareBits: 27;
|
||||
UINT64 TestRetInstruction;
|
||||
ULONG SystemCall;
|
||||
ULONG SystemCallReturn;
|
||||
UINT64 SystemCallPad[3];
|
||||
union
|
||||
{
|
||||
KSYSTEM_TIME TickCount;
|
||||
UINT64 TickCountQuad;
|
||||
};
|
||||
ULONG Cookie;
|
||||
INT64 ConsoleSessionForegroundProcessId;
|
||||
ULONG Wow64SharedInformation[16];
|
||||
WORD UserModeGlobalLogger[8];
|
||||
ULONG HeapTracingPid[2];
|
||||
ULONG CritSecTracingPid[2];
|
||||
ULONG ImageFileExecutionOptions;
|
||||
union
|
||||
{
|
||||
UINT64 AffinityPad;
|
||||
ULONG ActiveProcessorAffinity;
|
||||
};
|
||||
UINT64 InterruptTimeBias;
|
||||
} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
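Review bot: `SharedDataFlags` and the `DbgErrorPortPresent` … `SpareBits` bit-fields are declared as consecutive members, so the bit-fields occupy their own 32-bit word after the flags word instead of aliasing it. In the published definitions of this structure they are, as far as I can tell, an anonymous union with `SharedDataFlags`; confirm against the SDK/WDK header and wrap them in `union { ULONG SharedDataFlags; struct { ... }; };`, otherwise the `Dbg*` bits are read from the wrong word. Because the other file in this commit overlays the type on a fixed address, the layout should be pinned at compile time, e.g. `C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, NtSystemRoot) == 0x30);`. The header also starts directly at the first `typedef`, with no include guard and no include providing `ULONG`/`WCHAR`/`LARGE_INTEGER`.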
|
|
@ -0,0 +1,11 @@
|
|||
#include <windows.h>
|
||||
|
||||
INT main(VOID) {
|
||||
_KUSER_SHARED_DATA* kusd = (_KUSER_SHARED_DATA*)0x7FFE0000;
|
||||
WCHAR SysDir[MAX_PATH + 1] = {0};
|
||||
|
||||
StringCchCopyW(SysDir, sizeof(SysDir) - sizeof(WCHAR), kusd->NtSystemRoot);
|
||||
|
||||
return ERROR_SUCCESS;
|
||||
}
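Review bot: The second argument of `StringCchCopyW` is a count of characters, but `sizeof(SysDir) - sizeof(WCHAR)` is a count of bytes, so the call declares room for roughly twice the elements `SysDir` actually has. The bound therefore no longer protects the stack buffer if the source is ever not terminated within its 260 characters. Pass the element count and check the result: `if (FAILED(StringCchCopyW(SysDir, ARRAYSIZE(SysDir), kusd->NtSystemRoot))) return ERROR_INSUFFICIENT_BUFFER;`. Only `<windows.h>` is included in this hunk, while `StringCchCopyW` is declared in `<strsafe.h>` and the structure definition lives in the other file of this commit. If this is built as C, `_KUSER_SHARED_DATA*` also needs the `struct` keyword or the `PKUSER_SHARED_DATA` typedef, and `0x7FFE0000` would read better as a named constant with a comment that the mapping is read-only.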
|
||||
|