struct _MIPFNBLINK incorrect offsets. #10

Open
M3ikShizuka opened this issue Jan 31, 2021 · 1 comment

@M3ikShizuka

Version

Edition Windows 10 Pro
Version 20H2
OS build 19042.746

lkd> version
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406

Problem

Home / Kernels / x64 / Windows 10 | 2016 / 2009 20H2 (October 2020 Update) / _MIPFNBLINK
build: 10.0.19041.508 - I'm not sure if the reason for the change is in the build version.
date: 2020-09-27

Described structure

incorrect offsets

Fix solution

Move the fields ShareCount, PageShareCountDeleteBit, PageShareCountLockBit to a separate structure inside the union.

//0x8 bytes (sizeof)
struct _MIPFNBLINK
{
    union
    {
        struct
        {
            ULONGLONG Blink : 36;                                             //0x0
            ULONGLONG NodeBlinkHigh : 20;                                     //0x0
            ULONGLONG TbFlushStamp : 4;                                       //0x0
            ULONGLONG Unused : 2;                                             //0x0
            ULONGLONG PageBlinkDeleteBit : 1;                                 //0x0
            ULONGLONG PageBlinkLockBit : 1;                                   //0x0
        };
        struct
        {
            ULONGLONG ShareCount : 62;                                        //0x0
            ULONGLONG PageShareCountDeleteBit : 1;                            //0x0
            ULONGLONG PageShareCountLockBit : 1;                              //0x0
        };
        ULONGLONG EntireField;                                                //0x0
        volatile LONGLONG Lock;                                               //0x0
        struct
        {
            ULONGLONG LockNotUsed : 62;                                       //0x0
            ULONGLONG DeleteBit : 1;                                          //0x0
            ULONGLONG LockBit : 1;                                            //0x0
        };
    };
};

fixed offsets
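
Added example, not part of the original issue or the project's code: a compile-and-check comparison of the fix against an assumed "before" layout in which the three share-count fields sit in the same bit-field struct as Blink (the page does not show that layout, so `mipfnblink_merged` is a reconstruction from the fix description). The struct and function names are hypothetical, and the expected values assume a little-endian x64 compiler that allocates bit-fields from the least significant bit (MSVC, GCC, Clang).

```c
#include <stdint.h>
#include <stdio.h>
typedef unsigned long long ULONGLONG; typedef long long LONGLONG;

/* Assumed "before" layout (not shown on the page): share-count fields kept in
   the same bit-field struct as Blink, so they spill into a second qword. */
struct mipfnblink_merged {
    union {
        struct { ULONGLONG Blink : 36, NodeBlinkHigh : 20, TbFlushStamp : 4, Unused : 2,
                           PageBlinkDeleteBit : 1, PageBlinkLockBit : 1,
                           ShareCount : 62, PageShareCountDeleteBit : 1, PageShareCountLockBit : 1; };
        ULONGLONG EntireField;
    };
};

/* Layout from the issue: every view is its own struct inside the union. */
struct mipfnblink_fixed {
    union {
        struct { ULONGLONG Blink : 36, NodeBlinkHigh : 20, TbFlushStamp : 4, Unused : 2,
                           PageBlinkDeleteBit : 1, PageBlinkLockBit : 1; };
        struct { ULONGLONG ShareCount : 62, PageShareCountDeleteBit : 1, PageShareCountLockBit : 1; };
        ULONGLONG EntireField;
        volatile LONGLONG Lock;
        struct { ULONGLONG LockNotUsed : 62, DeleteBit : 1, LockBit : 1; };
    };
};

size_t merged_size(void) { return sizeof(struct mipfnblink_merged); }
size_t fixed_size(void)  { return sizeof(struct mipfnblink_fixed); }

/* Write through the ShareCount view, then read the raw qword back. */
uint64_t raw_after_share_lock(uint64_t share_count) {
    struct mipfnblink_fixed b;
    b.EntireField = 0;
    b.ShareCount = share_count;
    b.PageShareCountLockBit = 1;
    return b.EntireField;
}

/* Bit 63 must read as the lock bit through every view of the fixed layout. */
int lock_bits_alias(void) {
    struct mipfnblink_fixed b;
    b.EntireField = 1ULL << 63;
    return b.LockBit && b.PageShareCountLockBit && b.PageBlinkLockBit && b.Lock < 0;
}

int main(void) {
    printf("merged=%zu fixed=%zu alias=%d\n", merged_size(), fixed_size(), lock_bits_alias());
    return 0;
}
```

A size other than the `0x8` noted in the header comment is the quickest signal that a reconstructed kernel structure has a bit-field group in the wrong scope; adding a `_Static_assert(sizeof(struct mipfnblink_fixed) == 8, "...")` to any tool that embeds the definition catches it at compile time.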

@SergiusTheBest
Member

Thank you for reporting this! We'll take a look.
