Add definition of TEB + tests on offset of generated ctypes

hakril · hakril · commit c6898a429c10 · 2025-01-31T13:46:11.000+01:00
diff --git a/ctypes_generation/definitions/structures/teb_peb.txt b/ctypes_generation/definitions/structures/teb_peb.txt
@@ -204,7 +204,7 @@ typedef struct _NT_TIB {
     PVOID SubSystemTib;
     union {
         PVOID FiberData;
-        // ULONG Version; // Sub-union break remotectypes generation for now -> Ignore this field until fixed
+        ULONG Version;
     };
     PVOID ArbitraryUserPointer;
     struct _NT_TIB *Self;
diff --git a/tests/test_generated_def.py b/tests/test_generated_def.py
@@ -12,25 +12,25 @@ def assert_struct_offset(struct, field, offset):
 if windows.current_process.bitness == 32:
     PEB32 = windows.generated_def.PEB
     PEB64 = rctypes.transform_type_to_remote64bits(windows.generated_def.PEB)
-    
+
     TEB32 = windows.generated_def.TEB
     TEB64 = rctypes.transform_type_to_remote64bits(windows.generated_def.TEB)
-    
+
     NT_TIB32 = windows.generated_def.NT_TIB
     NT_TIB64 = rctypes.transform_type_to_remote64bits(windows.generated_def.NT_TIB)
-    
+
     SYSTEM_PROCESS_INFORMATION32 = windows.generated_def.SYSTEM_PROCESS_INFORMATION
     SYSTEM_PROCESS_INFORMATION64 = rctypes.transform_type_to_remote64bits(windows.generated_def.SYSTEM_PROCESS_INFORMATION)
 else:
     PEB32 = rctypes.transform_type_to_remote32bits(windows.generated_def.PEB)
     PEB64 = windows.generated_def.PEB
-    
+
     TEB32 = rctypes.transform_type_to_remote32bits(windows.generated_def.TEB)
     TEB64 = windows.generated_def.TEB
-    
+
     NT_TIB32 = rctypes.transform_type_to_remote32bits(windows.generated_def.NT_TIB)
     NT_TIB64 = windows.generated_def.NT_TIB
-    
+
     SYSTEM_PROCESS_INFORMATION32 = rctypes.transform_type_to_remote32bits(windows.generated_def.SYSTEM_PROCESS_INFORMATION)
     SYSTEM_PROCESS_INFORMATION64 = windows.generated_def.SYSTEM_PROCESS_INFORMATION
 
@@ -75,7 +75,7 @@ def test_nt_tib32_fields():
     assert_nt_tib_offset("StackLimit", 8)
     assert_nt_tib_offset("SubSystemTib", 0xc)
     assert_nt_tib_offset("FiberData", 0x10)
-    # assert_nt_tib_offset("Version", 0x14)
+    assert_nt_tib_offset("Version", 0x10)
     assert_nt_tib_offset("ArbitraryUserPointer",  0x14)
     assert_nt_tib_offset("Self", 0x18) # Important !
 
@@ -86,7 +86,7 @@ def test_nt_tib64_fields():
     assert_nt_tib_offset("StackLimit", 0x10)
     assert_nt_tib_offset("SubSystemTib", 0x18)
     assert_nt_tib_offset("FiberData", 0x20)
-    # assert_nt_tib_offset("Version", 0x28)
+    assert_nt_tib_offset("Version", 0x20)
     assert_nt_tib_offset("ArbitraryUserPointer",  0x28)
     assert_nt_tib_offset("Self", 0x30) # Important !
 
diff --git a/windows/generated_def/meta.py b/windows/generated_def/meta.py
@@ -12730,6 +12730,7 @@
 'NET_DISPLAY_USER',
 'NPBITMAP',
 'NPRGBTRIPLE',
+'NT_TIB',
 'OBJECTS_AND_NAME_A',
 'OBJECTS_AND_NAME_W',
 'OBJECTS_AND_SID',
@@ -15117,6 +15118,7 @@
 'RtlDosPathNameToNtPathName_U',
 'RtlEqualUnicodeString',
 'RtlGetCompressionWorkSpaceSize',
+'RtlGetCurrentPeb',
 'RtlGetUnloadEventTraceEx',
 'RtlInitString',
 'RtlInitUnicodeString',
diff --git a/windows/generated_def/winfuncs.py b/windows/generated_def/winfuncs.py
@@ -1735,6 +1735,11 @@
 FreeLibraryPrototype = WINFUNCTYPE(BOOL, HMODULE)
 FreeLibraryParams = ((1, 'hLibModule'),)
 
+#def RtlGetCurrentPeb():
+#    return RtlGetCurrentPeb.ctypes_function()
+RtlGetCurrentPebPrototype = WINFUNCTYPE(PVOID)
+RtlGetCurrentPebParams = ()
+
 #def RegQueryValueExA(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData):
 #    return RegQueryValueExA.ctypes_function(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData)
 RegQueryValueExAPrototype = WINFUNCTYPE(LSTATUS, HKEY, LPCSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD)
diff --git a/windows/generated_def/winstructs.py b/windows/generated_def/winstructs.py
@@ -1902,7 +1902,8 @@ class _ATTACH_VIRTUAL_DISK_PARAMETERS(Structure):
 PATTACH_VIRTUAL_DISK_PARAMETERS = POINTER(_ATTACH_VIRTUAL_DISK_PARAMETERS)
 
 # Self referencing struct tricks
-class _INTERNET_BUFFERSA(Structure): pass
+class _INTERNET_BUFFERSA(Structure):
+    pass
 INTERNET_BUFFERSA = _INTERNET_BUFFERSA
 LPINTERNET_BUFFERSA = POINTER(_INTERNET_BUFFERSA)
 _INTERNET_BUFFERSA._fields_ = [
@@ -1919,7 +1920,8 @@ class _INTERNET_BUFFERSA(Structure): pass
 ]
 
 # Self referencing struct tricks
-class _INTERNET_BUFFERSW(Structure): pass
+class _INTERNET_BUFFERSW(Structure):
+    pass
 INTERNET_BUFFERSW = _INTERNET_BUFFERSW
 LPINTERNET_BUFFERSW = POINTER(_INTERNET_BUFFERSW)
 _INTERNET_BUFFERSW._fields_ = [
@@ -2453,7 +2455,8 @@ class _IP_INTERFACE_INFO(Structure):
 PIP_INTERFACE_INFO = POINTER(_IP_INTERFACE_INFO)
 
 # Self referencing struct tricks
-class _DNS_CACHE_ENTRY(Structure): pass
+class _DNS_CACHE_ENTRY(Structure):
+    pass
 DNS_CACHE_ENTRY = _DNS_CACHE_ENTRY
 PDNS_CACHE_ENTRY = POINTER(_DNS_CACHE_ENTRY)
 _DNS_CACHE_ENTRY._fields_ = [
@@ -2982,7 +2985,9 @@ class _ANON__DNSRECORDA_SUB_UNION_2(Union):
     ]
 
 # Self referencing struct tricks
-class _DnsRecordA(Structure): pass
+class _DnsRecordA(Structure):
+    _anonymous_ = ("Flags","Data")
+
 DNS_RECORDA = _DnsRecordA
 PDNS_RECORDA = POINTER(_DnsRecordA)
 _DnsRecordA._fields_ = [
@@ -3092,7 +3097,9 @@ class _ANON__DNSRECORDW_SUB_UNION_2(Union):
     ]
 
 # Self referencing struct tricks
-class _DnsRecordW(Structure): pass
+class _DnsRecordW(Structure):
+    _anonymous_ = ("Flags","Data")
+
 DNS_RECORDW = _DnsRecordW
 PDNS_RECORDW = POINTER(_DnsRecordW)
 _DnsRecordW._fields_ = [
@@ -3171,7 +3178,8 @@ class IP_ADDRESS_STRING(Structure):
 PIP_MASK_STRING = POINTER(IP_ADDRESS_STRING)
 
 # Self referencing struct tricks
-class _IP_ADDR_STRING(Structure): pass
+class _IP_ADDR_STRING(Structure):
+    pass
 IP_ADDR_STRING = _IP_ADDR_STRING
 PIP_ADDR_STRING = POINTER(_IP_ADDR_STRING)
 _IP_ADDR_STRING._fields_ = [
@@ -3182,7 +3190,8 @@ class _IP_ADDR_STRING(Structure): pass
 ]
 
 # Self referencing struct tricks
-class _IP_ADAPTER_INFO(Structure): pass
+class _IP_ADAPTER_INFO(Structure):
+    pass
 IP_ADAPTER_INFO = _IP_ADAPTER_INFO
 PIP_ADAPTER_INFO = POINTER(_IP_ADAPTER_INFO)
 _IP_ADAPTER_INFO._fields_ = [
@@ -3877,7 +3886,8 @@ class _SHFILEOPSTRUCTA(Structure):
 SHFILEOPSTRUCTA = _SHFILEOPSTRUCTA
 
 # Self referencing struct tricks
-class _LIST_ENTRY(Structure): pass
+class _LIST_ENTRY(Structure):
+    pass
 LIST_ENTRY = _LIST_ENTRY
 PLIST_ENTRY = POINTER(_LIST_ENTRY)
 PRLIST_ENTRY = POINTER(_LIST_ENTRY)
@@ -4917,23 +4927,31 @@ class _PEB(Structure):
 PPEB = POINTER(_PEB)
 
 # Self referencing struct tricks
-class _EXCEPTION_REGISTRATION_RECORD(Structure): pass
+class _EXCEPTION_REGISTRATION_RECORD(Structure):
+    pass
 
 _EXCEPTION_REGISTRATION_RECORD._fields_ = [
     ("Next", POINTER(_EXCEPTION_REGISTRATION_RECORD)),
     ("Handler", PVOID),
 ]
 
+class _ANON__NT_TIB_SUB_UNION_1(Union):
+    _fields_ = [
+        ("FiberData", PVOID),
+        ("Version", ULONG),
+    ]
+
 # Self referencing struct tricks
-class _NT_TIB(Structure): pass
+class _NT_TIB(Structure):
+    _anonymous_ = ("anon_01",)
 
+NT_TIB = _NT_TIB
 _NT_TIB._fields_ = [
     ("ExceptionList", POINTER(_EXCEPTION_REGISTRATION_RECORD)),
     ("StackBase", PVOID),
     ("StackLimit", PVOID),
     ("SubSystemTib", PVOID),
-    ("FiberData", PVOID),
-    ("Version", ULONG),
+    ("anon_01", _ANON__NT_TIB_SUB_UNION_1),
     ("ArbitraryUserPointer", PVOID),
     ("Self", POINTER(_NT_TIB)),
 ]
@@ -6555,7 +6573,8 @@ class _OSVERSIONINFOEXW(Structure):
 RTL_OSVERSIONINFOEXW = _OSVERSIONINFOEXW
 
 # Self referencing struct tricks
-class _EXCEPTION_RECORD(Structure): pass
+class _EXCEPTION_RECORD(Structure):
+    pass
 EXCEPTION_RECORD = _EXCEPTION_RECORD
 PEXCEPTION_RECORD = POINTER(_EXCEPTION_RECORD)
 _EXCEPTION_RECORD._fields_ = [
@@ -8753,7 +8772,8 @@ class _CERT_SIMPLE_CHAIN(Structure):
 PCERT_SIMPLE_CHAIN = POINTER(_CERT_SIMPLE_CHAIN)
 
 # Self referencing struct tricks
-class _CERT_CHAIN_CONTEXT(Structure): pass
+class _CERT_CHAIN_CONTEXT(Structure):
+    pass
 CERT_CHAIN_CONTEXT = _CERT_CHAIN_CONTEXT
 PCCERT_CHAIN_CONTEXT = POINTER(_CERT_CHAIN_CONTEXT)
 PCERT_CHAIN_CONTEXT = POINTER(_CERT_CHAIN_CONTEXT)
@@ -11118,7 +11138,9 @@ class _ANON__TRUSTEE_A_SUB_UNION_1(Union):
     ]
 
 # Self referencing struct tricks
-class _TRUSTEE_A(Structure): pass
+class _TRUSTEE_A(Structure):
+    _anonymous_ = ("anon_01",)
+
 PTRUSTEEA = POINTER(_TRUSTEE_A)
 PTRUSTEE_A = POINTER(_TRUSTEE_A)
 TRUSTEEA = _TRUSTEE_A
@@ -11152,7 +11174,9 @@ class _ANON__TRUSTEE_W_SUB_UNION_1(Union):
     ]
 
 # Self referencing struct tricks
-class _TRUSTEE_W(Structure): pass
+class _TRUSTEE_W(Structure):
+    _anonymous_ = ("anon_01",)
+
 PTRUSTEEW = POINTER(_TRUSTEE_W)
 PTRUSTEE_W = POINTER(_TRUSTEE_W)
 TRUSTEEW = _TRUSTEE_W
@@ -12564,7 +12588,8 @@ class sockaddr_in(Structure):
 
 
 # Self referencing struct tricks
-class addrinfoW(Structure): pass
+class addrinfoW(Structure):
+    pass
 ADDRINFOW = addrinfoW
 PADDRINFOW = POINTER(addrinfoW)
 addrinfoW._fields_ = [
@@ -12639,7 +12664,8 @@ class _WSAPROTOCOL_INFOW(Structure):
 WSAPROTOCOL_INFOW = _WSAPROTOCOL_INFOW
 
 # Self referencing struct tricks
-class addrinfo(Structure): pass
+class addrinfo(Structure):
+    pass
 ADDRINFOA = addrinfo
 PADDRINFOA = POINTER(addrinfo)
 addrinfo._fields_ = [
diff --git a/windows/winproxy/apis/ntdll.py b/windows/winproxy/apis/ntdll.py
@@ -10,6 +10,9 @@ class NtdllProxy(ApiProxy):
 
 
 # Process
+@NtdllProxy(error_check=fail_on_zero)
+def RtlGetCurrentPeb():
+   return RtlGetCurrentPeb.ctypes_function()
 
 @NtdllProxy()
 def NtOpenProcess(ProcessHandle, DesiredAccess, ObjectAttributes, ClientId):
