#[derive(Clone, Copy)]
pub struct Offset {
pub eprocess_peb: usize,
pub eprocess_rundown_protect: usize,
pub eprocess_section_object: usize,
pub eprocess_section_base_address: usize,
pub eprocess_flags: usize,
pub eprocess_pcb: usize,
pub eprocess_thread_list_head: usize,
pub eprocess_process_lock: usize,
pub eprocess_object_table: usize,
pub eprocess_size: usize,
pub ethread_thread_list_entry: usize,
pub ethread_cross_thread_flags: usize,
pub ethread_start_address: usize,
pub ethread_win32_start_address: usize,
pub ethread_run_down_protect: usize,
pub ethread_cid: usize,
pub ethread_size: usize,
pub peb_ldr: usize,
pub ldr_in_load_order_module_list: usize,
pub ldre_base_dll_name: usize,
pub ldre_dll_base: usize,
pub handle_table_table_code: usize,
pub handle_table_entry_low: usize,
pub object_header_type_index: usize,
pub object_header_body: usize,
}
#[derive(Clone, Copy)]
pub struct Index {
pub target_func: &'static str,
pub offset: u64,
}
#[derive(Clone, Copy)]
pub struct FunctionOffset {
pub ps_suspend_thread: u64,
pub ps_resume_thread: u64,
pub dbgk_send_system_dll_messages: u64,
pub ps_open_process: u64,
pub dbgkp_send_api_message: u64,
pub dbgkp_queue_message: u64,
pub dbgkp_section_to_file_handle: u64,
pub dbgkp_wake_target: u64,
pub mm_get_file_name_for_address: u64,
pub dbgkp_post_module_messages: u64,
pub dbgk_forward_exception: u64,
pub dbgk_clear_process_debug_object: u64,
pub dbgk_create_thread: u64,
pub dbgk_exit_thread: u64,
pub psp_exit_thread: u64,
pub psp_terminate_all_threads: u64,
pub dbgk_exit_process: u64,
pub dbgk_map_view_of_section: u64,
pub dbgk_unmap_view_of_section: u64,
pub psp_call_process_notify_routines: u64,
pub psp_call_thread_notify_routines: u64,
pub ps_call_image_notify_routines: u64,
}
#[derive(Clone, Copy)]
pub struct OSVersionInfo {
pub major_version: u32,
pub minor_version: u32,
pub build_number: u32,
pub patch_number: u32,
pub windows_version: &'static str,
pub version_desc: &'static str,
pub offset: Offset,
pub func_offset: FunctionOffset,
}
pub static VERSION_MAP: [OSVersionInfo; 20] = [
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 19045,
patch_number: 2965,
windows_version: "windows-10",
version_desc: "22H2 (2022 Update, Vibranium R5)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xa40,
ethread_thread_list_entry: 0x4e8,
ethread_cross_thread_flags: 0x510,
ethread_start_address: 0x450,
ethread_win32_start_address: 0x4d0,
ethread_run_down_protect: 0x4f8,
ethread_cid: 0x478,
ethread_size: 0x898,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 19044,
patch_number: 1288,
windows_version: "windows-10",
version_desc: "21H2 (November 2021 Update, Vibranium R4)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xa40,
ethread_thread_list_entry: 0x4e8,
ethread_cross_thread_flags: 0x510,
ethread_start_address: 0x450,
ethread_win32_start_address: 0x4d0,
ethread_run_down_protect: 0x4f8,
ethread_cid: 0x478,
ethread_size: 0x898,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 19043,
patch_number: 928,
windows_version: "windows-10",
version_desc: "21H1 (May 2021 Update, Vibranium R3)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xa40,
ethread_thread_list_entry: 0x4e8,
ethread_cross_thread_flags: 0x510,
ethread_start_address: 0x450,
ethread_win32_start_address: 0x4d0,
ethread_run_down_protect: 0x4f8,
ethread_cid: 0x478,
ethread_size: 0x898,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 19042,
patch_number: 508,
windows_version: "windows-10",
version_desc: "20H2 (October 2020 Update, Vibranium R2)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xa40,
ethread_thread_list_entry: 0x4e8,
ethread_cross_thread_flags: 0x510,
ethread_start_address: 0x450,
ethread_win32_start_address: 0x4d0,
ethread_run_down_protect: 0x4f8,
ethread_cid: 0x478,
ethread_size: 0x898,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 19041,
patch_number: 264,
windows_version: "windows-10",
version_desc: "2004 (May 2020 Update, Vibranium R1)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xa40,
ethread_thread_list_entry: 0x4e8,
ethread_cross_thread_flags: 0x510,
ethread_start_address: 0x450,
ethread_win32_start_address: 0x4d0,
ethread_run_down_protect: 0x4f8,
ethread_cid: 0x478,
ethread_size: 0x898,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 18362,
patch_number: 418,
windows_version: "windows-10",
version_desc: "1909 (November 2019 Update, Titanium R2)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x300,
eprocess_section_object: 0x3c0,
eprocess_section_base_address: 0x3c8,
eprocess_flags: 0x30c,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x488,
eprocess_process_lock: 0x2e0,
eprocess_object_table: 0x418,
eprocess_size: 0x880,
ethread_thread_list_entry: 0x6b8,
ethread_cross_thread_flags: 0x6e0,
ethread_start_address: 0x620,
ethread_win32_start_address: 0x6a0,
ethread_run_down_protect: 0x6c8,
ethread_cid: 0x648,
ethread_size: 0x820,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 18362,
patch_number: 30,
windows_version: "windows-10",
version_desc: "1903 (May 2019 Update, Titanium R1)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x300,
eprocess_section_object: 0x3c0,
eprocess_section_base_address: 0x3c8,
eprocess_flags: 0x30c,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x488,
eprocess_process_lock: 0x2e0,
eprocess_object_table: 0x418,
eprocess_size: 0x880,
ethread_thread_list_entry: 0x6b8,
ethread_cross_thread_flags: 0x6e0,
ethread_start_address: 0x620,
ethread_win32_start_address: 0x6a0,
ethread_run_down_protect: 0x6c8,
ethread_cid: 0x648,
ethread_size: 0x820,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 17763,
patch_number: 107,
windows_version: "windows-10",
version_desc: "1809 | Server 2019 (October 2018 Update, Redstone 5)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x2f8,
eprocess_section_object: 0x3b8,
eprocess_section_base_address: 0x3c0,
eprocess_flags: 0x304,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x488,
eprocess_process_lock: 0x2d8,
eprocess_object_table: 0x418,
eprocess_size: 0x850,
ethread_thread_list_entry: 0x6a8,
ethread_cross_thread_flags: 0x6d0,
ethread_start_address: 0x610,
ethread_win32_start_address: 0x690,
ethread_run_down_protect: 0x6b8,
ethread_cid: 0x638,
ethread_size: 0x810,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x5C3D70,
ps_resume_thread: 0x5ABFF0,
dbgk_send_system_dll_messages: 0x810020,
ps_open_process: 0x627CD0,
dbgkp_send_api_message: 0x812744,
dbgkp_queue_message: 0x810F94,
dbgkp_section_to_file_handle: 0x813138,
dbgkp_wake_target: 0x811570,
mm_get_file_name_for_address: 0x84D340,
dbgkp_post_module_messages: 0x810D34,
dbgk_forward_exception: 0x6C144C,
dbgk_clear_process_debug_object: 0x6CBE8C,
dbgk_create_thread: 0x655A38,
dbgk_exit_thread: 0x813080,
psp_exit_thread: 0x658600,
psp_terminate_all_threads: 0x683334,
dbgk_exit_process: 0x812FD8,
dbgk_map_view_of_section: 0x68433C,
dbgk_unmap_view_of_section: 0x64ABAC,
psp_call_process_notify_routines: 0x604D84,
psp_call_thread_notify_routines: 0x605100,
ps_call_image_notify_routines: 0x605260,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 17134,
patch_number: 1,
windows_version: "windows-10",
version_desc: "1803 (April 2018 Update, Redstone 4)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x2f8,
eprocess_section_object: 0x3b8,
eprocess_section_base_address: 0x3c0,
eprocess_flags: 0x304,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x488,
eprocess_process_lock: 0x2d8,
eprocess_object_table: 0x418,
eprocess_size: 0x848,
ethread_thread_list_entry: 0x6a8,
ethread_cross_thread_flags: 0x6d0,
ethread_start_address: 0x610,
ethread_win32_start_address: 0x690,
ethread_run_down_protect: 0x6b8,
ethread_cid: 0x638,
ethread_size: 0x818,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 16299,
patch_number: 15,
windows_version: "windows-10",
version_desc: "1709 (Fall Creators Update, Redstone 3)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x2f8,
eprocess_section_object: 0x3b8,
eprocess_section_base_address: 0x3c0,
eprocess_flags: 0x304,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x488,
eprocess_process_lock: 0x2d8,
eprocess_object_table: 0x418,
eprocess_size: 0x838,
ethread_thread_list_entry: 0x6a8,
ethread_cross_thread_flags: 0x6d0,
ethread_start_address: 0x610,
ethread_win32_start_address: 0x690,
ethread_run_down_protect: 0x6b8,
ethread_cid: 0x638,
ethread_size: 0x818,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 15063,
patch_number: 0,
windows_version: "windows-10",
version_desc: "1703 (Creators Update, Redstone 2)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x2f8,
eprocess_section_object: 0x3b8,
eprocess_section_base_address: 0x3c0,
eprocess_flags: 0x304,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x488,
eprocess_process_lock: 0x2d8,
eprocess_object_table: 0x418,
eprocess_size: 0x818,
ethread_thread_list_entry: 0x6a0,
ethread_cross_thread_flags: 0x6c8,
ethread_start_address: 0x610,
ethread_win32_start_address: 0x690,
ethread_run_down_protect: 0x6b0,
ethread_cid: 0x638,
ethread_size: 0x810,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 14393,
patch_number: 0,
windows_version: "windows-10",
version_desc: "1607 | Server 2016 (Anniversary Update, Redstone 1)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x2e0,
eprocess_section_object: 0x3b8,
eprocess_section_base_address: 0x3c0,
eprocess_flags: 0x304,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x488,
eprocess_process_lock: 0x2d8,
eprocess_object_table: 0x418,
eprocess_size: 0x7b0,
ethread_thread_list_entry: 0x698,
ethread_cross_thread_flags: 0x6c0,
ethread_start_address: 0x608,
ethread_win32_start_address: 0x688,
ethread_run_down_protect: 0x6a8,
ethread_cid: 0x630,
ethread_size: 0x7e0,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 10586,
patch_number: 0,
windows_version: "windows-10",
version_desc: "1511 (November Update, Threshold 2)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x2e0,
eprocess_section_object: 0x3b8,
eprocess_section_base_address: 0x3c0,
eprocess_flags: 0x304,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x488,
eprocess_process_lock: 0x2d8,
eprocess_object_table: 0x418,
eprocess_size: 0x788,
ethread_thread_list_entry: 0x690,
ethread_cross_thread_flags: 0x6bc,
ethread_start_address: 0x600,
ethread_win32_start_address: 0x680,
ethread_run_down_protect: 0x6a0,
ethread_cid: 0x628,
ethread_size: 0x7c0,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 10240,
patch_number: 16384,
windows_version: "windows-10",
version_desc: "1507 (Original Release, Threshold 1)",
offset: Offset {
eprocess_peb: 0x3f8,
eprocess_rundown_protect: 0x2e0,
eprocess_section_object: 0x3b8,
eprocess_section_base_address: 0x3c0,
eprocess_flags: 0x304,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x480,
eprocess_process_lock: 0x2d8,
eprocess_object_table: 0x418,
eprocess_size: 0x798,
ethread_thread_list_entry: 0x690,
ethread_cross_thread_flags: 0x6bc,
ethread_start_address: 0x600,
ethread_win32_start_address: 0x680,
ethread_run_down_protect: 0x6a0,
ethread_cid: 0x628,
ethread_size: 0x7c0,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 26200,
patch_number: 6584,
windows_version: "windows-11",
version_desc: "25H2 (2025 Update, Germanium R2)",
offset: Offset {
eprocess_peb: 0x2e0,
eprocess_rundown_protect: 0x1e8,
eprocess_section_object: 0x2a8,
eprocess_section_base_address: 0x2b0,
eprocess_flags: 0x1f4,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x370,
eprocess_process_lock: 0x1c8,
eprocess_object_table: 0x300,
eprocess_size: 0x840,
ethread_thread_list_entry: 0x578,
ethread_cross_thread_flags: 0x5a0,
ethread_start_address: 0x4e0,
ethread_win32_start_address: 0x560,
ethread_run_down_protect: 0x588,
ethread_cid: 0x508,
ethread_size: 0x798,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 26100,
patch_number: 1742,
windows_version: "windows-11",
version_desc: "24H2 | Server 2025 (2024 Update, Germanium R1)",
offset: Offset {
eprocess_peb: 0x2e0,
eprocess_rundown_protect: 0x1e8,
eprocess_section_object: 0x2a8,
eprocess_section_base_address: 0x2b0,
eprocess_flags: 0x1f4,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x370,
eprocess_process_lock: 0x1c8,
eprocess_object_table: 0x300,
eprocess_size: 0x840,
ethread_thread_list_entry: 0x578,
ethread_cross_thread_flags: 0x5a0,
ethread_start_address: 0x4e0,
ethread_win32_start_address: 0x560,
ethread_run_down_protect: 0x588,
ethread_cid: 0x508,
ethread_size: 0x788,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x9FA1A0,
ps_resume_thread: 0xA331C0,
dbgk_send_system_dll_messages: 0x9F9CCC,
ps_open_process: 0x84A060,
dbgkp_send_api_message: 0xA5EF70,
dbgkp_queue_message: 0x8A4A90,
dbgkp_section_to_file_handle: 0xA7ED50,
dbgkp_wake_target: 0x9F95AC,
mm_get_file_name_for_address: 0x91D188,
dbgkp_post_module_messages: 0xA45F04,
dbgk_forward_exception: 0x8A4630,
dbgk_clear_process_debug_object: 0x9F9014,
dbgk_create_thread: 0x871484,
dbgk_exit_thread: 0x6FA124,
psp_exit_thread: 0x859D60,
psp_terminate_all_threads: 0x8C70A4,
dbgk_exit_process: 0x6FA068,
dbgk_map_view_of_section: 0x86241C,
dbgk_unmap_view_of_section: 0xA24F08,
psp_call_process_notify_routines: 0x8A42A8,
psp_call_thread_notify_routines: 0x858C50,
ps_call_image_notify_routines: 0x871E10,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 22631,
patch_number: 2428,
windows_version: "windows-11",
version_desc: "23H2 (2023 Update, Nickel R2)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xb80,
ethread_thread_list_entry: 0x538,
ethread_cross_thread_flags: 0x560,
ethread_start_address: 0x4a0,
ethread_win32_start_address: 0x520,
ethread_run_down_protect: 0x548,
ethread_cid: 0x4c8,
ethread_size: 0x900,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 22621,
patch_number: 382,
windows_version: "windows-11",
version_desc: "22H2 (2022 Update, Nickel R1)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xb80,
ethread_thread_list_entry: 0x538,
ethread_cross_thread_flags: 0x560,
ethread_start_address: 0x4a0,
ethread_win32_start_address: 0x520,
ethread_run_down_protect: 0x548,
ethread_cid: 0x4c8,
ethread_size: 0x900,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 22000,
patch_number: 194,
windows_version: "windows-11",
version_desc: "21H2 (Original Release, Cobalt)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xb80,
ethread_thread_list_entry: 0x538,
ethread_cross_thread_flags: 0x560,
ethread_start_address: 0x4a0,
ethread_win32_start_address: 0x520,
ethread_run_down_protect: 0x548,
ethread_cid: 0x4c8,
ethread_size: 0x8f0,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
OSVersionInfo {
major_version: 10,
minor_version: 0,
build_number: 22000,
patch_number: 1,
windows_version: "windows-11",
version_desc: "Insider Preview (Jun 2021)",
offset: Offset {
eprocess_peb: 0x550,
eprocess_rundown_protect: 0x458,
eprocess_section_object: 0x518,
eprocess_section_base_address: 0x520,
eprocess_flags: 0x464,
eprocess_pcb: 0x0,
eprocess_thread_list_head: 0x5e0,
eprocess_process_lock: 0x438,
eprocess_object_table: 0x570,
eprocess_size: 0xb80,
ethread_thread_list_entry: 0x538,
ethread_cross_thread_flags: 0x560,
ethread_start_address: 0x4a0,
ethread_win32_start_address: 0x520,
ethread_run_down_protect: 0x548,
ethread_cid: 0x4c8,
ethread_size: 0x8f0,
peb_ldr: 0x18,
ldr_in_load_order_module_list: 0x10,
ldre_base_dll_name: 0x58,
ldre_dll_base: 0x30,
handle_table_table_code: 0x8,
handle_table_entry_low: 0x0,
object_header_type_index: 0x18,
object_header_body: 0x30,
},
func_offset: FunctionOffset {
ps_suspend_thread: 0x709BE0,
ps_resume_thread: 0x6B3160,
dbgk_send_system_dll_messages: 0x8813EC,
ps_open_process: 0x67A820,
dbgkp_send_api_message: 0x884064,
dbgkp_queue_message: 0x882428,
dbgkp_section_to_file_handle: 0x884AA4,
dbgkp_wake_target: 0x882A20,
mm_get_file_name_for_address: 0x8C0A44,
dbgkp_post_module_messages: 0x8821B0,
dbgk_forward_exception: 0x71FF90,
dbgk_clear_process_debug_object: 0x760860,
dbgk_create_thread: 0x6B52F4,
dbgk_exit_thread: 0x8849D8,
psp_exit_thread: 0x6B05E0,
psp_terminate_all_threads: 0x6B369C,
dbgk_exit_process: 0x88491C,
dbgk_map_view_of_section: 0x6B7680,
dbgk_unmap_view_of_section: 0x6F90AC,
psp_call_process_notify_routines: 0x60283C,
psp_call_thread_notify_routines: 0x602D50,
ps_call_image_notify_routines: 0x602BC0,
},
},
];