windbg_to_c icon indicating copy to clipboard operation
windbg_to_c copied to clipboard
verified publisher icon markhc

Wrong union processing

Open swwwolf opened this issue 8 years ago • 1 comments

Windows 10 RS1 x86:

0: kd> dt nt!_EPROCESS ... +0x370 AllowedCpuSets : Uint4B +0x374 DefaultCpuSets : Uint4B +0x370 AllowedCpuSetsIndirect : Ptr32 Uint4B +0x374 DefaultCpuSetsIndirect : Ptr32 Uint4B

Result:

ULONG AllowedCpuSets;
ULONG DefaultCpuSets;
Ptr32 Uint4B AllowedCpuSetsIndirect;
Ptr32 Uint4B DefaultCpuSetsIndirect;

Should be:

union
{
    UINT_3264       AllowedCpuSets;
    UINT_3264*      AllowedCpuSetsIndirect;
};
union
{
    UINT_3264       DefaultCpuSets;
    UINT_3264*      DefaultCpuSetsIndirect;
};

eprocess.txt result.txt

swwwolf avatar Jul 07 '17 08:07 swwwolf

you are wrong,it should be:

union
{
    struct
    {
        ULONG AllowedCpuSets;
        ULONG DefaultCpuSets;
    }
    struct
    {
        Ptr32 Uint4B AllowedCpuSetsIndirect;
        Ptr32 Uint4B DefaultCpuSetsIndirect;
    }
}

floydScript avatar Jul 09 '20 03:07 floydScript