The largest WinAPI structure
Posted: Sun Sep 11, 2016 3:41 pm
by Lunasole
I was curious how large WinAPI structures can be ("interesting useless statistics"), and it seems that DEVMODE is the largest one ^^ It is used in functions like CreateDC().
It has 34 fields. Every included structure or structure union is counted as 1 field, and the fields of included structures' trees are not counted.
Code:
Structure DEVMODE
  dmDeviceName.c[32]
  dmSpecVersion.w
  dmDriverVersion.w
  dmSize.w
  dmDriverExtra.w
  dmFields.l
  dmOrientation.w
  dmPaperSize.w
  dmPaperLength.w
  dmPaperWidth.w
  dmScale.w
  dmCopies.w
  dmDefaultSource.w
  dmPrintQuality.w
  dmColor.w
  dmDuplex.w
  dmYResolution.w
  dmTTOption.w
  dmCollate.w
  dmFormName.c[32]
  dmLogPixels.w
  dmBitsPerPel.l
  dmPelsWidth.l
  dmPelsHeight.l
  StructureUnion
    dmDisplayFlags.l
    dmNup.l
  EndStructureUnion
  dmDisplayFrequency.l
  dmICMMethod.l
  dmICMIntent.l
  dmMediaType.l
  dmDitherType.l
  dmReserved1.l
  dmReserved2.l
  dmPanningWidth.l
  dmPanningHeight.l
EndStructure
Re: The largest WinAPI structure
Posted: Sun Sep 11, 2016 3:49 pm
by Mijikai
How about PEB:
Code:
typedef struct _PEB
{
    UCHAR InheritedAddressSpace;
    UCHAR ReadImageFileExecOptions;
    UCHAR BeingDebugged;
    UCHAR BitField;
    ULONG ImageUsesLargePages: 1;
    ULONG IsProtectedProcess: 1;
    ULONG IsLegacyProcess: 1;
    ULONG IsImageDynamicallyRelocated: 1;
    ULONG SpareBits: 4;
    PVOID Mutant;
    PVOID ImageBaseAddress;
    PPEB_LDR_DATA Ldr;
    PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
    PVOID SubSystemData;
    PVOID ProcessHeap;
    PRTL_CRITICAL_SECTION FastPebLock;
    PVOID AtlThunkSListPtr;
    PVOID IFEOKey;
    ULONG CrossProcessFlags;
    ULONG ProcessInJob: 1;
    ULONG ProcessInitializing: 1;
    ULONG ReservedBits0: 30;
    union
    {
        PVOID KernelCallbackTable;
        PVOID UserSharedInfoPtr;
    };
    ULONG SystemReserved[1];
    ULONG SpareUlong;
    PPEB_FREE_BLOCK FreeList;
    ULONG TlsExpansionCounter;
    PVOID TlsBitmap;
    ULONG TlsBitmapBits[2];
    PVOID ReadOnlySharedMemoryBase;
    PVOID HotpatchInformation;
    VOID **ReadOnlyStaticServerData;
    PVOID AnsiCodePageData;
    PVOID OemCodePageData;
    PVOID UnicodeCaseTableData;
    ULONG NumberOfProcessors;
    ULONG NtGlobalFlag;
    LARGE_INTEGER CriticalSectionTimeout;
    ULONG HeapSegmentReserve;
    ULONG HeapSegmentCommit;
    ULONG HeapDeCommitTotalFreeThreshold;
    ULONG HeapDeCommitFreeBlockThreshold;
    ULONG NumberOfHeaps;
    ULONG MaximumNumberOfHeaps;
    VOID **ProcessHeaps;
    PVOID GdiSharedHandleTable;
    PVOID ProcessStarterHelper;
    ULONG GdiDCAttributeList;
    PRTL_CRITICAL_SECTION LoaderLock;
    ULONG OSMajorVersion;
    ULONG OSMinorVersion;
    WORD OSBuildNumber;
    WORD OSCSDVersion;
    ULONG OSPlatformId;
    ULONG ImageSubsystem;
    ULONG ImageSubsystemMajorVersion;
    ULONG ImageSubsystemMinorVersion;
    ULONG ImageProcessAffinityMask;
    ULONG GdiHandleBuffer[34];
    PVOID PostProcessInitRoutine;
    PVOID TlsExpansionBitmap;
    ULONG TlsExpansionBitmapBits[32];
    ULONG SessionId;
    ULARGE_INTEGER AppCompatFlags;
    ULARGE_INTEGER AppCompatFlagsUser;
    PVOID pShimData;
    PVOID AppCompatInfo;
    UNICODE_STRING CSDVersion;
    _ACTIVATION_CONTEXT_DATA *ActivationContextData;
    _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap;
    _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData;
    _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap;
    ULONG MinimumStackCommit;
    _FLS_CALLBACK_INFO *FlsCallback;
    LIST_ENTRY FlsListHead;
    PVOID FlsBitmap;
    ULONG FlsBitmapBits[4];
    ULONG FlsHighIndex;
    PVOID WerRegistrationData;
    PVOID WerShipAssertPtr;
} PEB, *PPEB;
Re: The largest WinAPI structure
Posted: Sun Sep 11, 2016 4:06 pm
by Lunasole
Mijikai wrote: How about PEB
Nice size, but it's a kernel-mode struct, not WinAPI.
Re: The largest WinAPI structure
Posted: Sun Sep 11, 2016 4:18 pm
by Keya
A process can read its own PEB and TEB from usermode, no problem; the address can be obtained from PROCESS_BASIC_INFORMATION, or simply via "mov eax, fs:[$18]", and it can read other processes' PEBs/TEBs with ReadProcessMemory.
Re: The largest WinAPI structure
Posted: Sun Sep 11, 2016 4:23 pm
by freak
The largest one defined in PB (x64) is CONTEXT with 44 fields:
Code:
Structure CONTEXT
  P1Home.i
  P2Home.i
  P3Home.i
  P4Home.i
  P5Home.i
  P6Home.i
  ContextFlags.l
  MxCsr.l
  SegCs.w
  SegDs.w
  SegEs.w
  SegFs.w
  SegGs.w
  SegSs.w
  EFlags.l
  Dr0.i
  Dr1.i
  Dr2.i
  Dr3.i
  Dr6.i
  Dr7.i
  Rax.i
  Rcx.i
  Rdx.i
  Rbx.i
  Rsp.i
  Rbp.i
  Rsi.i
  Rdi.i
  R8.i
  R9.i
  R10.i
  R11.i
  R12.i
  R13.i
  R14.i
  R15.i
  Rip.i
  FltSave.XMM_SAVE_AREA32
  VectorRegister.M128A[26]
  VectorControl.i
  DebugControl.i
  LastBranchToRip.i
  LastBranchFromRip.i
  LastExceptionToRip.i
  LastExceptionFromRip.i
EndStructure
Of course, if you count members of structure unions, then VARIANT wins easily.
Re: The largest WinAPI structure
Posted: Sun Sep 11, 2016 5:55 pm
by nco2k