class CONTEXT_x86_64(Structure):
    """ctypes layout for a thread's register context on 64-bit x86 Windows.

    Field order follows the AMD64 CONTEXT record in winnt.h: parameter home
    slots, control words, segment selectors, debug registers, integer
    registers, floating-point/vector state, then the branch and exception
    trace slots. Field names are kept exactly as written so that existing
    attribute access keeps working.
    """

    # NOTE(review): winnt.h gives the legacy floating-point save area 512
    # bytes (64 qwords) and declares the record 16-byte aligned.
    # FloatingPointData is 80 qwords here, so every field after it sits 128
    # bytes later than in the OS record, and ctypes only aligns to the widest
    # member. Confirm before trusting VectorRegister or the Last*Rip values,
    # or before handing sizeof() to an API that validates it.
    _fields_ = (
        # Scratch slots the OS record reserves ahead of the flags.
        [(slot, c_uint64) for slot in (
            'P1Home', 'P2Home', 'P3Home', 'P4Home', 'P5Home', 'P6Home')]
        + [('ContextFlags', c_uint32),
           ('MxCsr', c_uint32)]
        # Segment selectors are 16-bit in the 64-bit record.
        + [(selector, c_uint16) for selector in (
            'segcs', 'segds', 'seges', 'segfs', 'seggs', 'segss')]
        + [('eflags', c_uint32)]
        # dr0-dr3 hold hardware breakpoint addresses, dr6/dr7 status/control.
        + [(debug_reg, c_uint64) for debug_reg in (
            'dr0', 'dr1', 'dr2', 'dr3', 'dr6', 'dr7')]
        # Integer registers in winnt.h order (not encoding order), then rip.
        + [(reg, c_uint64) for reg in (
            'rax', 'rcx', 'rdx', 'rbx', 'rsp', 'rbp', 'rsi', 'rdi',
            'r8', 'r9', 'r10', 'r11', 'r12', 'r13', 'r14', 'r15',
            'rip')]
        # Opaque qword blobs; no per-register view is exposed.
        + [('FloatingPointData', c_ARRAY(c_uint64, 80)),
           ('VectorRegister', c_ARRAY(c_uint64, 52))]
        + [(trailer, c_uint64) for trailer in (
            'VectorControl', 'DebugControl',
            'LastBranchToRip', 'LastBranchFromRip',
            'LastExceptionToRip', 'LastExceptionFromRip')]
    )
class CONTEXT_x86(Structure):
    """ctypes layout for a thread's register context on 32-bit x86 Windows.

    Field order follows the i386 CONTEXT record in winnt.h. Every scalar is
    a 32-bit slot, including the segment selectors.
    """

    # FLOATING_SAVE_AREA must already be bound when this class body runs:
    # ctypes resolves field types at the moment _fields_ is assigned. In this
    # listing it is declared further down, so confirm the import order.
    _fields_ = (
        [('ContextFlags', c_uint32)]
        # dr0-dr3 hold hardware breakpoint addresses, dr6/dr7 status/control.
        + [(debug_reg, c_uint32) for debug_reg in (
            'dr0', 'dr1', 'dr2', 'dr3', 'dr6', 'dr7')]
        + [('floatsave', FLOATING_SAVE_AREA)]
        + [(reg, c_uint32) for reg in (
            # segment selectors
            'seggs', 'segfs', 'seges', 'segds',
            # integer registers
            'edi', 'esi', 'ebx', 'edx', 'ecx', 'eax',
            # control registers
            'ebp', 'eip', 'segcs', 'eflags', 'esp', 'segss')]
        # Raw extended-register save area; left uninterpreted.
        + [('ExtendedRegisters', c_ARRAY(c_char, 512))]
    )
class EXCEPTION_RECORD(Structure):
    """ctypes layout of the Windows EXCEPTION_RECORD.

    The pointer-sized members use c_void_p, so the layout matches the
    bitness of the Python process that loads this module.
    NOTE(review): a record copied out of a target of the other bitness
    would not line up with this definition -- confirm how callers fill it.
    """

    _fields_ = [
        ('ExceptionCode', c_uint32),
        ('ExceptionFlags', c_uint32),
        # Address of a chained record, stored as a raw pointer value.
        ('pExceptionRecord', c_void_p),
        ('ExceptionAddress', c_void_p),
        # Count of valid ExceptionInformation slots. The value originates in
        # the faulting process, so clamp it to 15 before using it as a loop
        # bound.
        ('NumberParameters', c_uint32),
        ('ExceptionInformation', c_ARRAY(c_void_p, 15)),
    ]
class FLOATING_SAVE_AREA(Structure):
    """ctypes layout of the x87 save area embedded in the 32-bit CONTEXT.

    Seven 32-bit control/status slots, the 80-byte register area, and one
    trailing 32-bit slot.
    """

    _fields_ = (
        [(word, c_uint32) for word in (
            'ControlWord', 'StatusWord', 'TagWord',
            'ErrorOffset', 'ErrorSelector',
            'DataOffset', 'DataSelector')]
        # Raw bytes of the register area; no per-register view is exposed.
        + [('RegisterArea', c_ARRAY(c_char, 80)),
           ('Cr0NpxState', c_uint32)]
    )
class PROCESS_INFORMATION_BLOCK32(Structure):
    """One per-process record with an inline block of thread entries.

    NOTE(review): the field names match SYSTEM_PROCESS_INFORMATION as
    returned by NtQuerySystemInformation -- presumably that is what this
    overlays; confirm against the caller.
    NOTE(review): despite the "32" suffix, the two wintypes.HANDLE members
    are pointer-sized in the running interpreter, so the layout changes
    under a 64-bit Python -- confirm the intended target.
    """

    _fields_ = [
        # Both leading fields come straight from the queried buffer. Check
        # NextEntryOffset against the buffer length before following it.
        ('NextEntryOffset', c_ulong),
        ('NumberOfThreads', c_ulong),
        # Reserved1 stands in for members the author left commented out:
        #   ('WorkingSetPrivateSize',         c_ulonglong)
        #   ('HardFaultCount',                c_ulong)
        #   ('NumberOfThreadsHighWaterMarks', c_ulong)
        ('Reserved1', c_ARRAY(LARGE_INTEGER, 3)),
        ('CreateTime', LARGE_INTEGER),
        ('UserTime', LARGE_INTEGER),
        ('KernelTime', LARGE_INTEGER),
        ('ImageName', UNICODE_STRING),
        ('BasePriority', c_long),
        ('UniqueProcessId', wintypes.HANDLE),
        ('InheritedFromUniqueProcessId', wintypes.HANDLE),
        ('HandleCount', c_ulong),
        ('Reserved2', c_byte * 4),
        ('VirtualMemoryCounters', VM_COUNTERS32),
        ('PeakPagefileUsage', c_ulong),
        ('PrivatePageCount', c_ulong),
        ('IoCounters', IO_COUNTERS),
        # Fixed at 10 entries regardless of NumberOfThreads: index only
        # th[i] for i < min(NumberOfThreads, 10). Slots past the real thread
        # count alias whatever bytes follow this record in the buffer.
        ('th', c_ARRAY(SYSTEM_THREAD_INFORMATION, 10)),
    ]
class SYMBOL_INFO(Structure):
    """ctypes layout of dbghelp's SYMBOL_INFO with the name buffer inlined.

    The native structure ends in a one-character Name placeholder and the
    caller supplies the real buffer length in MaxNameLen. Here Name is a
    fixed 0x1000-byte array instead.
    NOTE(review): MaxNameLen should therefore never be set above 0x1000,
    and the struct-size field should carry the size of the fixed header
    rather than sizeof() of this whole object -- confirm in the callers.
    """

    _fields_ = [
        # 'SuzeOfStruct' is the spelling callers use for dbghelp's
        # SizeOfStruct; renaming it would break attribute access.
        ('SuzeOfStruct', c_uint32),
        ('TypeIndex', c_uint32),
        ('reserved1', c_uint64),
        ('reserved2', c_uint64),
        ('Index', c_uint32),
        ('Size', c_uint32),
        ('ModBase', c_uint64),
        ('Flags', c_uint32),
        ('Value', c_uint64),
        ('Address', c_uint64),
        ('Register', c_uint32),
        ('Scope', c_uint32),
        ('Tag', c_uint32),
        # NameLen is reported by the symbol handler; bound it by the buffer
        # size before slicing Name.
        ('NameLen', c_uint32),
        ('MaxNameLen', c_uint32),
        ('Name', c_ARRAY(c_char, 0x1000)),
    ]