"tagTHREADINFO": [None, {
"pEThread": [None, ["Pointer", dict(
target="_ETHREAD")]],
}],
"tagHOOK": [None, {
"flags": [None, ["Flags", dict(
bitmap=utils.MaskMapFromDefines(
"""
// 9/18/2011
// http://forum.sysinternals.com/enumerate-windows-hooks_topic23877.html#122641
#define HF_GLOBAL 0x0001
#define HF_ANSI 0x0002
#define HF_NEEDHC_SKIP 0x0004
#define HF_HUNG 0x0008
#define HF_HOOKFAULTED 0x0010
#define HF_NOPLAYBACKDELAY 0x0020
#define HF_WX86KNOWINDOWLL 0x0040
#define HF_DESTROYED 0x0080
// mask for valid flags
#define HF_VALID 0x00FF
"""))
]],
}],
"_HANDLEENTRY": [None, {
"pOwner": [None, ["Pointer", dict(
target="tagTHREADINFO")]],
"bFlags": [None, ["Flags", dict(
choices=utils.Invert(utils.MaskMapFromDefines("""
#define SHT_NULL 0 /* Section header table entry unused */
#define SHT_PROGBITS 1 /* Program data */
#define SHT_SYMTAB 2 /* Symbol table */
#define SHT_STRTAB 3 /* String table */
#define SHT_RELA 4 /* Relocation entries with addends */
#define SHT_HASH 5 /* Symbol hash table */
#define SHT_DYNAMIC 6 /* Dynamic linking information */
#define SHT_NOTE 7 /* Notes */
#define SHT_NOBITS 8 /* Program space with no data (bss) */
#define SHT_REL 9 /* Relocation entries, no addends */
#define SHT_SHLIB 10 /* Reserved */
#define SHT_DYNSYM 11 /* Dynamic linker symbol table */
#define SHT_INIT_ARRAY 14 /* Array of constructors */
#define SHT_FINI_ARRAY 15 /* Array of destructors */
#define SHT_PREINIT_ARRAY 16 /* Array of pre-constructors */
#define SHT_GROUP 17 /* Section group */
#define SHT_SYMTAB_SHNDX 18 /* Extended section indeces */
#define SHT_NUM 19 /* Number of defined types. */
#define SHT_LOOS 0x60000000 /* Start OS-specific. */
#define SHT_GNU_ATTRIBUTES 0x6ffffff5 /* Object attributes. */
#define SHT_GNU_HASH 0x6ffffff6 /* GNU-style hash table. */
#define SHT_GNU_LIBLIST 0x6ffffff7 /* Prelink library list */
#define SHT_CHECKSUM 0x6ffffff8 /* Checksum for DSO content. */
#define SHT_LOSUNW 0x6ffffffa /* Sun-specific low bound. */
#define SHT_SUNW_move 0x6ffffffa
#define SHT_SUNW_COMDAT 0x6ffffffb
#define SHT_SUNW_syminfo 0x6ffffffc
#define SHT_GNU_verdef 0x6ffffffd /* Version definition section. */
#define SHT_GNU_verneed 0x6ffffffe /* Version needs section. */
#define SHT_GNU_versym 0x6fffffff /* Version symbol table. */
""")),
linux_overlay = {
'task_struct': [
None,
{
'state': [
None,
[
'Flags',
dict(maskmap=utils.MaskMapFromDefines("""
# From http://lxr.free-electrons.com/source/include/linux/sched.h#L207
#define TASK_RUNNING 0
#define TASK_INTERRUPTIBLE 1
#define TASK_UNINTERRUPTIBLE 2
#define TASK_STOPPED 4
#define TASK_TRACED 8
#define TASK_DEAD 64
#define TASK_WAKEKILL 128
#define TASK_WAKING 256
#define TASK_PARKED 512
#define TASK_STATE_MAX 1024
"""))
]
],
'exit_state': [
None,
[
'Flags',
dict(maskmap=utils.MaskMapFromDefines("""
# From http://lxr.free-electrons.com/source/include/linux/sched.h#L207
/* in tsk->exit_state */
