good

2025-07-22 22:06:34 +03:00
parent d3c189f949
commit f892794557
780 changed files with 436498 additions and 170 deletions
--- a/examples/cs2-silent-aim-master/cstrike/utilities/pe64.h
+++ b/examples/cs2-silent-aim-master/cstrike/utilities/pe64.h
@@ -0,0 +1,592 @@
+#pragma once
+// used: [win] winapi
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+
+#pragma region winapi_nt_types
+using NTSTATUS = LONG;
+using MEMORY_INFORMATION_CLASS = INT;
+#pragma endregion
+
+#pragma region winapi_nt_definitions
+#define NtCurrentProcess() (reinterpret_cast<HANDLE>(-1))
+#define NtCurrentThread() (reinterpret_cast<HANDLE>(-2))
+
+/*
+ * NT_SUCCESS =		[0x00000000 .. 0x3FFFFFFF]
+ * NT_INFORMATION =	[0x40000000 .. 0x7FFFFFFF]
+ * NT_WARNING =		[0x80000000 .. 0xBFFFFFFF]
+ * NT_ERROR =		[0xC0000000 .. 0xFFFFFFFF]
+ */
+#define NT_SUCCESS(STATUS) (static_cast<NTSTATUS>(STATUS) >= 0)
+#define NT_INFORMATION(STATUS) ((static_cast<ULONG>(STATUS) >> 30UL) == 1UL)
+#define NT_WARNING(STATUS) ((static_cast<ULONG>(STATUS) >> 30UL) == 2UL)
+#define NT_ERROR(STATUS) ((static_cast<ULONG>(STATUS) >> 30UL) == 3UL)
+#pragma endregion
+
+#pragma region winapi_nt
+
+// @credits: https://www.vergiliusproject.com/kernels/x86/Windows%2010
+
+typedef struct _UNICODE_STRING
+{
+	USHORT Length; // 0x0
+	USHORT MaximumLength; // 0x2
+	WCHAR* Buffer; // 0x8
+} UNICODE_STRING, *PUNICODE_STRING;
+
+static_assert(sizeof(_UNICODE_STRING) == 0x10);
+
+struct _RTL_BALANCED_NODE
+{
+	union
+	{
+		struct _RTL_BALANCED_NODE* Children[2]; //0x0
+
+		struct
+		{
+			struct _RTL_BALANCED_NODE* Left; //0x0
+			struct _RTL_BALANCED_NODE* Right; //0x8
+		};
+	};
+
+	union
+	{
+		struct
+		{
+			UCHAR Red : 1; //0x10
+			UCHAR Balance : 2; //0x10
+		};
+
+		ULONGLONG ParentValue; //0x10
+	};
+};
+
+static_assert(sizeof(_RTL_BALANCED_NODE) == 0x18);
+
+struct _LDR_DATA_TABLE_ENTRY
+{
+	struct _LIST_ENTRY InLoadOrderLinks; //0x0
+	struct _LIST_ENTRY InMemoryOrderLinks; //0x10
+	struct _LIST_ENTRY InInitializationOrderLinks; //0x20
+	VOID* DllBase; //0x30
+	VOID* EntryPoint; //0x38
+	ULONG SizeOfImage; //0x40
+	struct _UNICODE_STRING FullDllName; //0x48
+	struct _UNICODE_STRING BaseDllName; //0x58
+
+	union
+	{
+		UCHAR FlagGroup[4]; //0x68
+		ULONG Flags; //0x68
+
+		struct
+		{
+			ULONG PackagedBinary : 1; //0x68
+			ULONG MarkedForRemoval : 1; //0x68
+			ULONG ImageDll : 1; //0x68
+			ULONG LoadNotificationsSent : 1; //0x68
+			ULONG TelemetryEntryProcessed : 1; //0x68
+			ULONG ProcessStaticImport : 1; //0x68
+			ULONG InLegacyLists : 1; //0x68
+			ULONG InIndexes : 1; //0x68
+			ULONG ShimDll : 1; //0x68
+			ULONG InExceptionTable : 1; //0x68
+			ULONG ReservedFlags1 : 2; //0x68
+			ULONG LoadInProgress : 1; //0x68
+			ULONG LoadConfigProcessed : 1; //0x68
+			ULONG EntryProcessed : 1; //0x68
+			ULONG ProtectDelayLoad : 1; //0x68
+			ULONG ReservedFlags3 : 2; //0x68
+			ULONG DontCallForThreads : 1; //0x68
+			ULONG ProcessAttachCalled : 1; //0x68
+			ULONG ProcessAttachFailed : 1; //0x68
+			ULONG CorDeferredValidate : 1; //0x68
+			ULONG CorImage : 1; //0x68
+			ULONG DontRelocate : 1; //0x68
+			ULONG CorILOnly : 1; //0x68
+			ULONG ChpeImage : 1; //0x68
+			ULONG ChpeEmulatorImage : 1; //0x68
+			ULONG ReservedFlags5 : 1; //0x68
+			ULONG Redirected : 1; //0x68
+			ULONG ReservedFlags6 : 2; //0x68
+			ULONG CompatDatabaseProcessed : 1; //0x68
+		};
+	};
+
+	USHORT ObsoleteLoadCount; //0x6c
+	USHORT TlsIndex; //0x6e
+	struct _LIST_ENTRY HashLinks; //0x70
+	ULONG TimeDateStamp; //0x80
+	struct _ACTIVATION_CONTEXT* EntryPointActivationContext; //0x88
+	VOID* Lock; //0x90
+	struct _LDR_DDAG_NODE* DdagNode; //0x98
+	struct _LIST_ENTRY NodeModuleLink; //0xa0
+	struct _LDRP_LOAD_CONTEXT* LoadContext; //0xb0
+	VOID* ParentDllBase; //0xb8
+	VOID* SwitchBackContext; //0xc0
+	_RTL_BALANCED_NODE BaseAddressIndexNode; //0xc8
+	_RTL_BALANCED_NODE MappingInfoIndexNode; //0xe0
+	ULONGLONG OriginalBase; //0xf8
+	union _LARGE_INTEGER LoadTime; //0x100
+	ULONG BaseNameHashValue; //0x108
+	enum _LDR_DLL_LOAD_REASON LoadReason; //0x10c
+	ULONG ImplicitPathOptions; //0x110
+	ULONG ReferenceCount; //0x114
+	ULONG DependentLoadFlags; //0x118
+	UCHAR SigningLevel; //0x11c
+	ULONG CheckSum; //0x120
+	VOID* ActivePatchImageBase; //0x128
+	enum _LDR_HOT_PATCH_STATE HotPatchState; //0x130
+};
+
+static_assert(sizeof(_LDR_DATA_TABLE_ENTRY) == 0x138);
+
+struct _PEB_LDR_DATA
+{
+	ULONG Length; //0x0
+	UCHAR Initialized; //0x4
+	VOID* SsHandle; //0x8
+	struct _LIST_ENTRY InLoadOrderModuleList; //0x10
+	struct _LIST_ENTRY InMemoryOrderModuleList; //0x20
+	struct _LIST_ENTRY InInitializationOrderModuleList; //0x30
+	VOID* EntryInProgress; //0x40
+	UCHAR ShutdownInProgress; //0x48
+	VOID* ShutdownThreadId; //0x50
+};
+
+static_assert(sizeof(_PEB_LDR_DATA) == 0x58);
+
+struct _CURDIR
+{
+	struct _UNICODE_STRING DosPath; //0x0
+	VOID* Handle; //0x10
+};
+
+static_assert(sizeof(_CURDIR) == 0x18);
+
+struct _STRING
+{
+	USHORT Length; //0x0
+	USHORT MaximumLength; //0x2
+	CHAR* Buffer; //0x8
+};
+
+static_assert(sizeof(_STRING) == 0x10);
+
+struct _RTL_DRIVE_LETTER_CURDIR
+{
+	USHORT Flags; //0x0
+	USHORT Length; //0x2
+	ULONG TimeStamp; //0x4
+	struct _STRING DosPath; //0x8
+};
+
+static_assert(sizeof(_RTL_DRIVE_LETTER_CURDIR) == 0x18);
+
+struct _RTL_USER_PROCESS_PARAMETERS
+{
+	ULONG MaximumLength; //0x0
+	ULONG Length; //0x4
+	ULONG Flags; //0x8
+	ULONG DebugFlags; //0xc
+	VOID* ConsoleHandle; //0x10
+	ULONG ConsoleFlags; //0x18
+	VOID* StandardInput; //0x20
+	VOID* StandardOutput; //0x28
+	VOID* StandardError; //0x30
+	struct _CURDIR CurrentDirectory; //0x38
+	struct _UNICODE_STRING DllPath; //0x50
+	struct _UNICODE_STRING ImagePathName; //0x60
+	struct _UNICODE_STRING CommandLine; //0x70
+	VOID* Environment; //0x80
+	ULONG StartingX; //0x88
+	ULONG StartingY; //0x8c
+	ULONG CountX; //0x90
+	ULONG CountY; //0x94
+	ULONG CountCharsX; //0x98
+	ULONG CountCharsY; //0x9c
+	ULONG FillAttribute; //0xa0
+	ULONG WindowFlags; //0xa4
+	ULONG ShowWindowFlags; //0xa8
+	struct _UNICODE_STRING WindowTitle; //0xb0
+	struct _UNICODE_STRING DesktopInfo; //0xc0
+	struct _UNICODE_STRING ShellInfo; //0xd0
+	struct _UNICODE_STRING RuntimeData; //0xe0
+	struct _RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32]; //0xf0
+	ULONGLONG EnvironmentSize; //0x3f0
+	ULONGLONG EnvironmentVersion; //0x3f8
+	VOID* PackageDependencyData; //0x400
+	ULONG ProcessGroupId; //0x408
+	ULONG LoaderThreads; //0x40c
+	struct _UNICODE_STRING RedirectionDllName; //0x410
+	struct _UNICODE_STRING HeapPartitionName; //0x420
+	ULONGLONG* DefaultThreadpoolCpuSetMasks; //0x430
+	ULONG DefaultThreadpoolCpuSetMaskCount; //0x438
+	ULONG DefaultThreadpoolThreadMaximum; //0x43c
+	ULONG HeapMemoryTypeMask; //0x440
+};
+
+static_assert(sizeof(_RTL_USER_PROCESS_PARAMETERS) == 0x448);
+
+struct _PEB
+{
+	UCHAR InheritedAddressSpace; //0x0
+	UCHAR ReadImageFileExecOptions; //0x1
+	UCHAR BeingDebugged; //0x2
+
+	union
+	{
+		UCHAR BitField; //0x3
+
+		struct
+		{
+			UCHAR ImageUsesLargePages : 1; //0x3
+			UCHAR IsProtectedProcess : 1; //0x3
+			UCHAR IsImageDynamicallyRelocated : 1; //0x3
+			UCHAR SkipPatchingUser32Forwarders : 1; //0x3
+			UCHAR IsPackagedProcess : 1; //0x3
+			UCHAR IsAppContainer : 1; //0x3
+			UCHAR IsProtectedProcessLight : 1; //0x3
+			UCHAR IsLongPathAwareProcess : 1; //0x3
+		};
+	};
+
+	UCHAR Padding0[4]; //0x4
+	VOID* Mutant; //0x8
+	VOID* ImageBaseAddress; //0x10
+	struct _PEB_LDR_DATA* Ldr; //0x18
+	struct _RTL_USER_PROCESS_PARAMETERS* ProcessParameters; //0x20
+	VOID* SubSystemData; //0x28
+	VOID* ProcessHeap; //0x30
+	struct _RTL_CRITICAL_SECTION* FastPebLock; //0x38
+	union _SLIST_HEADER* volatile AtlThunkSListPtr; //0x40
+	VOID* IFEOKey; //0x48
+
+	union
+	{
+		ULONG CrossProcessFlags; //0x50
+
+		struct
+		{
+			ULONG ProcessInJob : 1; //0x50
+			ULONG ProcessInitializing : 1; //0x50
+			ULONG ProcessUsingVEH : 1; //0x50
+			ULONG ProcessUsingVCH : 1; //0x50
+			ULONG ProcessUsingFTH : 1; //0x50
+			ULONG ProcessPreviouslyThrottled : 1; //0x50
+			ULONG ProcessCurrentlyThrottled : 1; //0x50
+			ULONG ProcessImagesHotPatched : 1; //0x50
+			ULONG ReservedBits0 : 24; //0x50
+		};
+	};
+
+	UCHAR Padding1[4]; //0x54
+
+	union
+	{
+		VOID* KernelCallbackTable; //0x58
+		VOID* UserSharedInfoPtr; //0x58
+	};
+
+	ULONG SystemReserved; //0x60
+	ULONG AtlThunkSListPtr32; //0x64
+	VOID* ApiSetMap; //0x68
+	ULONG TlsExpansionCounter; //0x70
+	UCHAR Padding2[4]; //0x74
+	struct _RTL_BITMAP* TlsBitmap; //0x78
+	ULONG TlsBitmapBits[2]; //0x80
+	VOID* ReadOnlySharedMemoryBase; //0x88
+	VOID* SharedData; //0x90
+	VOID** ReadOnlyStaticServerData; //0x98
+	VOID* AnsiCodePageData; //0xa0
+	VOID* OemCodePageData; //0xa8
+	VOID* UnicodeCaseTableData; //0xb0
+	ULONG NumberOfProcessors; //0xb8
+	ULONG NtGlobalFlag; //0xbc
+	union _LARGE_INTEGER CriticalSectionTimeout; //0xc0
+	ULONGLONG HeapSegmentReserve; //0xc8
+	ULONGLONG HeapSegmentCommit; //0xd0
+	ULONGLONG HeapDeCommitTotalFreeThreshold; //0xd8
+	ULONGLONG HeapDeCommitFreeBlockThreshold; //0xe0
+	ULONG NumberOfHeaps; //0xe8
+	ULONG MaximumNumberOfHeaps; //0xec
+	VOID** ProcessHeaps; //0xf0
+	VOID* GdiSharedHandleTable; //0xf8
+	VOID* ProcessStarterHelper; //0x100
+	ULONG GdiDCAttributeList; //0x108
+	UCHAR Padding3[4]; //0x10c
+	struct _RTL_CRITICAL_SECTION* LoaderLock; //0x110
+	ULONG OSMajorVersion; //0x118
+	ULONG OSMinorVersion; //0x11c
+	USHORT OSBuildNumber; //0x120
+	USHORT OSCSDVersion; //0x122
+	ULONG OSPlatformId; //0x124
+	ULONG ImageSubsystem; //0x128
+	ULONG ImageSubsystemMajorVersion; //0x12c
+	ULONG ImageSubsystemMinorVersion; //0x130
+	UCHAR Padding4[4]; //0x134
+	ULONGLONG ActiveProcessAffinityMask; //0x138
+	ULONG GdiHandleBuffer[60]; //0x140
+	VOID(*PostProcessInitRoutine)
+	(); //0x230
+	struct _RTL_BITMAP* TlsExpansionBitmap; //0x238
+	ULONG TlsExpansionBitmapBits[32]; //0x240
+	ULONG SessionId; //0x2c0
+	UCHAR Padding5[4]; //0x2c4
+	union _ULARGE_INTEGER AppCompatFlags; //0x2c8
+	union _ULARGE_INTEGER AppCompatFlagsUser; //0x2d0
+	VOID* pShimData; //0x2d8
+	VOID* AppCompatInfo; //0x2e0
+	struct _UNICODE_STRING CSDVersion; //0x2e8
+	struct _ACTIVATION_CONTEXT_DATA* ActivationContextData; //0x2f8
+	struct _ASSEMBLY_STORAGE_MAP* ProcessAssemblyStorageMap; //0x300
+	struct _ACTIVATION_CONTEXT_DATA* SystemDefaultActivationContextData; //0x308
+	struct _ASSEMBLY_STORAGE_MAP* SystemAssemblyStorageMap; //0x310
+	ULONGLONG MinimumStackCommit; //0x318
+	VOID* SparePointers[2]; //0x320
+	VOID* PatchLoaderData; //0x330
+	struct _CHPEV2_PROCESS_INFO* ChpeV2ProcessInfo; //0x338
+	ULONG AppModelFeatureState; //0x340
+	ULONG SpareUlongs[2]; //0x344
+	USHORT ActiveCodePage; //0x34c
+	USHORT OemCodePage; //0x34e
+	USHORT UseCaseMapping; //0x350
+	USHORT UnusedNlsField; //0x352
+	VOID* WerRegistrationData; //0x358
+	VOID* WerShipAssertPtr; //0x360
+	VOID* EcCodeBitMap; //0x368
+	VOID* pImageHeaderHash; //0x370
+
+	union
+	{
+		ULONG TracingFlags; //0x378
+
+		struct
+		{
+			ULONG HeapTracingEnabled : 1; //0x378
+			ULONG CritSecTracingEnabled : 1; //0x378
+			ULONG LibLoaderTracingEnabled : 1; //0x378
+			ULONG SpareTracingBits : 29; //0x378
+		};
+	};
+
+	UCHAR Padding6[4]; //0x37c
+	ULONGLONG CsrServerReadOnlySharedMemoryBase; //0x380
+	ULONGLONG TppWorkerpListLock; //0x388
+	struct _LIST_ENTRY TppWorkerpList; //0x390
+	VOID* WaitOnAddressHashTable[128]; //0x3a0
+	VOID* TelemetryCoverageHeader; //0x7a0
+	ULONG CloudFileFlags; //0x7a8
+	ULONG CloudFileDiagFlags; //0x7ac
+	CHAR PlaceholderCompatibilityMode; //0x7b0
+	CHAR PlaceholderCompatibilityModeReserved[7]; //0x7b1
+	struct _LEAP_SECOND_DATA* LeapSecondData; //0x7b8
+
+	union
+	{
+		ULONG LeapSecondFlags; //0x7c0
+
+		struct
+		{
+			ULONG SixtySecondEnabled : 1; //0x7c0
+			ULONG Reserved : 31; //0x7c0
+		};
+	};
+
+	ULONG NtGlobalFlag2; //0x7c4
+	ULONGLONG ExtendedFeatureDisableMask; //0x7c8
+};
+
+static_assert(sizeof(_PEB) == 0x7d0);
+
+struct _CLIENT_ID
+{
+	PVOID UniqueProcess; // 0x0
+	PVOID UniqueThread; // 0x8
+};
+
+static_assert(sizeof(_CLIENT_ID) == 0x10);
+
+struct _GDI_TEB_BATCH
+{
+	ULONG Offset : 31; //0x0
+	ULONG HasRenderingCommand : 1; //0x0
+	ULONGLONG HDC; //0x8
+	ULONG Buffer[310]; //0x10
+};
+
+static_assert(sizeof(_GDI_TEB_BATCH) == 0x4E8);
+
+struct _ACTIVATION_CONTEXT_STACK
+{
+	struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* ActiveFrame; //0x0
+	struct _LIST_ENTRY FrameListCache; //0x8
+	ULONG Flags; //0x18
+	ULONG NextCookieSequenceNumber; //0x1c
+	ULONG StackId; //0x20
+};
+
+static_assert(sizeof(_ACTIVATION_CONTEXT_STACK) == 0x28);
+
+struct _TEB
+{
+	struct _NT_TIB NtTib; //0x0
+	VOID* EnvironmentPointer; //0x38
+	struct _CLIENT_ID ClientId; //0x40
+	VOID* ActiveRpcHandle; //0x50
+	VOID* ThreadLocalStoragePointer; //0x58
+	struct _PEB* ProcessEnvironmentBlock; //0x60
+	ULONG LastErrorValue; //0x68
+	ULONG CountOfOwnedCriticalSections; //0x6c
+	VOID* CsrClientThread; //0x70
+	VOID* Win32ThreadInfo; //0x78
+	ULONG User32Reserved[26]; //0x80
+	ULONG UserReserved[5]; //0xe8
+	VOID* WOW32Reserved; //0x100
+	ULONG CurrentLocale; //0x108
+	ULONG FpSoftwareStatusRegister; //0x10c
+	VOID* ReservedForDebuggerInstrumentation[16]; //0x110
+	VOID* SystemReserved1[30]; //0x190
+	CHAR PlaceholderCompatibilityMode; //0x280
+	UCHAR PlaceholderHydrationAlwaysExplicit; //0x281
+	CHAR PlaceholderReserved[10]; //0x282
+	ULONG ProxiedProcessId; //0x28c
+	struct _ACTIVATION_CONTEXT_STACK _ActivationStack; //0x290
+	UCHAR WorkingOnBehalfTicket[8]; //0x2b8
+	LONG ExceptionCode; //0x2c0
+	UCHAR Padding0[4]; //0x2c4
+	struct _ACTIVATION_CONTEXT_STACK* ActivationContextStackPointer; //0x2c8
+	ULONGLONG InstrumentationCallbackSp; //0x2d0
+	ULONGLONG InstrumentationCallbackPreviousPc; //0x2d8
+	ULONGLONG InstrumentationCallbackPreviousSp; //0x2e0
+	ULONG TxFsContext; //0x2e8
+	UCHAR InstrumentationCallbackDisabled; //0x2ec
+	UCHAR UnalignedLoadStoreExceptions; //0x2ed
+	UCHAR Padding1[2]; //0x2ee
+	struct _GDI_TEB_BATCH GdiTebBatch; //0x2f0
+	struct _CLIENT_ID RealClientId; //0x7d8
+	VOID* GdiCachedProcessHandle; //0x7e8
+	ULONG GdiClientPID; //0x7f0
+	ULONG GdiClientTID; //0x7f4
+	VOID* GdiThreadLocalInfo; //0x7f8
+	ULONGLONG Win32ClientInfo[62]; //0x800
+	VOID* glDispatchTable[233]; //0x9f0
+	ULONGLONG glReserved1[29]; //0x1138
+	VOID* glReserved2; //0x1220
+	VOID* glSectionInfo; //0x1228
+	VOID* glSection; //0x1230
+	VOID* glTable; //0x1238
+	VOID* glCurrentRC; //0x1240
+	VOID* glContext; //0x1248
+	ULONG LastStatusValue; //0x1250
+	UCHAR Padding2[4]; //0x1254
+	struct _UNICODE_STRING StaticUnicodeString; //0x1258
+	WCHAR StaticUnicodeBuffer[261]; //0x1268
+	UCHAR Padding3[6]; //0x1472
+	VOID* DeallocationStack; //0x1478
+	VOID* TlsSlots[64]; //0x1480
+	struct _LIST_ENTRY TlsLinks; //0x1680
+	VOID* Vdm; //0x1690
+	VOID* ReservedForNtRpc; //0x1698
+	VOID* DbgSsReserved[2]; //0x16a0
+	ULONG HardErrorMode; //0x16b0
+	UCHAR Padding4[4]; //0x16b4
+	VOID* Instrumentation[11]; //0x16b8
+	struct _GUID ActivityId; //0x1710
+	VOID* SubProcessTag; //0x1720
+	VOID* PerflibData; //0x1728
+	VOID* EtwTraceData; //0x1730
+	VOID* WinSockData; //0x1738
+	ULONG GdiBatchCount; //0x1740
+
+	union
+	{
+		struct _PROCESSOR_NUMBER CurrentIdealProcessor; //0x1744
+		ULONG IdealProcessorValue; //0x1744
+
+		struct
+		{
+			UCHAR ReservedPad0; //0x1744
+			UCHAR ReservedPad1; //0x1745
+			UCHAR ReservedPad2; //0x1746
+			UCHAR IdealProcessor; //0x1747
+		};
+	};
+
+	ULONG GuaranteedStackBytes; //0x1748
+	UCHAR Padding5[4]; //0x174c
+	VOID* ReservedForPerf; //0x1750
+	VOID* ReservedForOle; //0x1758
+	ULONG WaitingOnLoaderLock; //0x1760
+	UCHAR Padding6[4]; //0x1764
+	VOID* SavedPriorityState; //0x1768
+	ULONGLONG ReservedForCodeCoverage; //0x1770
+	VOID* ThreadPoolData; //0x1778
+	VOID** TlsExpansionSlots; //0x1780
+	struct _CHPEV2_CPUAREA_INFO* ChpeV2CpuAreaInfo; //0x1788
+	VOID* Unused; //0x1790
+	ULONG MuiGeneration; //0x1798
+	ULONG IsImpersonating; //0x179c
+	VOID* NlsCache; //0x17a0
+	VOID* pShimData; //0x17a8
+	ULONG HeapData; //0x17b0
+	UCHAR Padding7[4]; //0x17b4
+	VOID* CurrentTransactionHandle; //0x17b8
+	struct _TEB_ACTIVE_FRAME* ActiveFrame; //0x17c0
+	VOID* FlsData; //0x17c8
+	VOID* PreferredLanguages; //0x17d0
+	VOID* UserPrefLanguages; //0x17d8
+	VOID* MergedPrefLanguages; //0x17e0
+	ULONG MuiImpersonation; //0x17e8
+
+	union
+	{
+		volatile USHORT CrossTebFlags; //0x17ec
+		USHORT SpareCrossTebBits : 16; //0x17ec
+	};
+
+	union
+	{
+		USHORT SameTebFlags; //0x17ee
+
+		struct
+		{
+			USHORT SafeThunkCall : 1; //0x17ee
+			USHORT InDebugPrint : 1; //0x17ee
+			USHORT HasFiberData : 1; //0x17ee
+			USHORT SkipThreadAttach : 1; //0x17ee
+			USHORT WerInShipAssertCode : 1; //0x17ee
+			USHORT RanProcessInit : 1; //0x17ee
+			USHORT ClonedThread : 1; //0x17ee
+			USHORT SuppressDebugMsg : 1; //0x17ee
+			USHORT DisableUserStackWalk : 1; //0x17ee
+			USHORT RtlExceptionAttached : 1; //0x17ee
+			USHORT InitialThread : 1; //0x17ee
+			USHORT SessionAware : 1; //0x17ee
+			USHORT LoadOwner : 1; //0x17ee
+			USHORT LoaderWorker : 1; //0x17ee
+			USHORT SkipLoaderInit : 1; //0x17ee
+			USHORT SkipFileAPIBrokering : 1; //0x17ee
+		};
+	};
+
+	VOID* TxnScopeEnterCallback; //0x17f0
+	VOID* TxnScopeExitCallback; //0x17f8
+	VOID* TxnScopeContext; //0x1800
+	ULONG LockCount; //0x1808
+	LONG WowTebOffset; //0x180c
+	VOID* ResourceRetValue; //0x1810
+	VOID* ReservedForWdf; //0x1818
+	ULONGLONG ReservedForCrt; //0x1820
+	struct _GUID EffectiveContainerId; //0x1828
+	ULONGLONG LastSleepCounter; //0x1838
+	ULONG SpinCallCount; //0x1840
+	UCHAR Padding8[4]; //0x1844
+	ULONGLONG ExtendedFeatureDisableMask; //0x1848
+};
+
+static_assert(sizeof(_TEB) == 0x1850);
+#pragma endregion