Reversed engineered X_OBJECT_HEADER a bit better
This commit is contained in:
parent
766788be7b
commit
997de209ec
|
@ -40,8 +40,8 @@ XObject::~XObject() {
|
|||
auto header = memory()->TranslateVirtual<X_OBJECT_HEADER*>(ptr);
|
||||
|
||||
// Free the object creation info
|
||||
if (header->object_create_info) {
|
||||
memory()->SystemHeapFree(header->object_create_info);
|
||||
if (header->object_type_ptr) {
|
||||
memory()->SystemHeapFree(header->object_type_ptr);
|
||||
}
|
||||
|
||||
memory()->SystemHeapFree(ptr);
|
||||
|
@ -241,15 +241,13 @@ uint8_t* XObject::CreateNative(uint32_t size) {
|
|||
|
||||
auto header = memory()->TranslateVirtual<X_OBJECT_HEADER*>(mem);
|
||||
|
||||
auto creation_info =
|
||||
memory()->SystemHeapAlloc(sizeof(X_OBJECT_CREATE_INFORMATION));
|
||||
if (creation_info) {
|
||||
memory()->Zero(creation_info, sizeof(X_OBJECT_CREATE_INFORMATION));
|
||||
|
||||
auto object_type =
|
||||
memory()->SystemHeapAlloc(sizeof(X_OBJECT_TYPE));
|
||||
if (object_type) {
|
||||
// Set it up in the header.
|
||||
// Some kernel method is accessing this struct and dereferencing a member.
|
||||
// With our current definition that member is non_paged_pool_charge.
|
||||
header->object_create_info = creation_info;
|
||||
// Some kernel method is accessing this struct and dereferencing a member
|
||||
// @ offset 0x14
|
||||
header->object_type_ptr = object_type;
|
||||
}
|
||||
|
||||
return memory()->TranslateVirtual(guest_object_ptr_);
|
||||
|
|
|
@ -63,7 +63,6 @@ struct X_OBJECT_HEADER {
|
|||
xe::be<uint32_t> handle_count;
|
||||
xe::be<uint32_t> next_to_free;
|
||||
};
|
||||
xe::be<uint32_t> object_type_ptr;
|
||||
uint8_t name_info_offset;
|
||||
uint8_t handle_info_offset;
|
||||
uint8_t quota_info_offset;
|
||||
|
@ -72,7 +71,8 @@ struct X_OBJECT_HEADER {
|
|||
xe::be<uint32_t> object_create_info; // X_OBJECT_CREATE_INFORMATION
|
||||
xe::be<uint32_t> quota_block_charged;
|
||||
};
|
||||
xe::be<uint32_t> security_descriptor;
|
||||
xe::be<uint32_t> object_type_ptr; // -0x8 POBJECT_TYPE
|
||||
xe::be<uint32_t> unk_04; // -0x4
|
||||
|
||||
// Object lives after this header.
|
||||
// (There's actually a body field here which is the object itself)
|
||||
|
@ -80,19 +80,29 @@ struct X_OBJECT_HEADER {
|
|||
|
||||
// http://www.nirsoft.net/kernel_struct/vista/OBJECT_CREATE_INFORMATION.html
|
||||
struct X_OBJECT_CREATE_INFORMATION {
|
||||
xe::be<uint32_t> attributes;
|
||||
xe::be<uint32_t> root_directory_ptr;
|
||||
xe::be<uint32_t> parse_context_ptr;
|
||||
xe::be<uint32_t> probe_mode;
|
||||
xe::be<uint32_t> paged_pool_charge;
|
||||
xe::be<uint32_t> non_paged_pool_charge;
|
||||
xe::be<uint32_t> security_descriptor_charge;
|
||||
xe::be<uint32_t> security_descriptor;
|
||||
xe::be<uint32_t> security_qos_ptr;
|
||||
xe::be<uint32_t> attributes; // 0x0
|
||||
xe::be<uint32_t> root_directory_ptr; // 0x4
|
||||
xe::be<uint32_t> parse_context_ptr; // 0x8
|
||||
xe::be<uint32_t> probe_mode; // 0xC
|
||||
xe::be<uint32_t> paged_pool_charge; // 0x10
|
||||
xe::be<uint32_t> non_paged_pool_charge; // 0x14
|
||||
xe::be<uint32_t> security_descriptor_charge; // 0x18
|
||||
xe::be<uint32_t> security_descriptor; // 0x1C
|
||||
xe::be<uint32_t> security_qos_ptr; // 0x20
|
||||
|
||||
// Security QoS here (SECURITY_QUALITY_OF_SERVICE) too!
|
||||
};
|
||||
|
||||
struct X_OBJECT_TYPE {
|
||||
xe::be<uint32_t> constructor; // 0x0
|
||||
xe::be<uint32_t> destructor; // 0x4
|
||||
xe::be<uint32_t> unk_08; // 0x8
|
||||
xe::be<uint32_t> unk_0C; // 0xC
|
||||
xe::be<uint32_t> unk_10; // 0x10
|
||||
xe::be<uint32_t> unk_14; // 0x14 probably offset from ntobject to keobject
|
||||
xe::be<uint32_t> pool_tag; // 0x18
|
||||
};
|
||||
|
||||
class XObject {
|
||||
public:
|
||||
enum Type {
|
||||
|
|
Loading…
Reference in New Issue