This is all the stuff you would need for the advanced ones here;
Code:
PPEBLOCKROUTINE typedef PVOID
PPVOID typedef ptr PVOID
_PEB_LDR_DATA struct
_Length ULONG ?
Initialized DWORD ?
SsHandle PVOID ?
InLoadOrderModuleList LIST_ENTRY {}
InMemoryOrderModuleList LIST_ENTRY {}
InInitializationOrderModuleList LIST_ENTRY {}
_PEB_LDR_DATA ends
PEB_LDR_DATA typedef _PEB_LDR_DATA
PPEB_LDR_DATA typedef DWORD
UNICODE_STRING struct
_Length USHORT ?
MaximumLength USHORT ?
Buffer PWSTR ?
UNICODE_STRING ends
_RTL_DRIVE_LETTER_CURDIR struct
Flags USHORT ?
_Length USHORT ?
TimeStamp ULONG ?
DosPath UNICODE_STRING {}
_RTL_DRIVE_LETTER_CURDIR ends
RTL_DRIVE_LETTER_CURDIR typedef _RTL_DRIVE_LETTER_CURDIR
_LDR_MODULE struct
InLoadOrderModuleList LIST_ENTRY {}
InMemoryOrderModuleList LIST_ENTRY {}
InInitializationOrderModuleList LIST_ENTRY {}
BaseAddress PVOID ?
EntryPoint PVOID ?
SizeOfImage ULONG ?
FullDllName UNICODE_STRING {}
BaseDllName UNICODE_STRING {}
Flags ULONG ?
LoadCount USHORT ?
TlsIndex USHORT ?
HashTableEntry LIST_ENTRY {}
TimeDateStamp ULONG ?
_LDR_MODULE ends
LDR_MODULE typedef _LDR_MODULE
_RTL_USER_PROCESS_PARAMETERS struct
MaximumLength ULONG ?
_Length ULONG ?
Flags ULONG ?
DebugFlags ULONG ?
ConsoleHandle PVOID ?
ConsoleFlags ULONG ?
StdInputHandle HANDLE ?
StdOutputHandle HANDLE ?
StdErrorHandle HANDLE ?
CurrentDirectoryPath UNICODE_STRING {}
CurrentDirectoryHandle HANDLE ?
DllPath UNICODE_STRING {}
ImagePathName UNICODE_STRING {}
CommandLine UNICODE_STRING {}
Environment PVOID ?
StartingPositionLeft ULONG ?
StartingPositionTop ULONG ?
_Width ULONG ?
Height ULONG ?
CharWidth ULONG ?
CharHeight ULONG ?
ConsoleTextAttributes ULONG ?
WindowFlags ULONG ?
ShowWindowFlags ULONG ?
WindowTitle UNICODE_STRING {}
DesktopName UNICODE_STRING {}
ShellInfo UNICODE_STRING {}
RuntimeData UNICODE_STRING {}
DLCurrentDirectory RTL_DRIVE_LETTER_CURDIR 020h dup ({})
_RTL_USER_PROCESS_PARAMETERS ends
RTL_USER_PROCESS_PARAMETERS typedef _RTL_USER_PROCESS_PARAMETERS
PRTL_USER_PROCESS_PARAMETERS typedef DWORD
_PEB_FREE_BLOCK struct
Next DWORD ?
_Size ULONG ?
_PEB_FREE_BLOCK ends
PEB_FREE_BLOCK typedef _PEB_FREE_BLOCK
PPEB_FREE_BLOCK typedef DWORD
_PEB struct
InheritedAddressSpace BOOLEAN ?
ReadImageFileExecOptions BOOLEAN ?
BeingDebugged BOOLEAN ?
Spare BOOLEAN ?
Mutant HANDLE ?
ImageBaseAddress PVOID ?
LoaderData PPEB_LDR_DATA ?
ProcessParameters PRTL_USER_PROCESS_PARAMETERS ?
SubSystemData PVOID ?
ProcessHeap PVOID ?
FastPebLock PVOID ?
FastPebLockRoutine PPEBLOCKROUTINE ?
FastPebUnlockRoutine PPEBLOCKROUTINE ?
EnvironmentUpdateCount ULONG ?
KernelCallbackTable PPVOID ?
EventLogSection PVOID ?
EventLog PVOID ?
FreeList PPEB_FREE_BLOCK {}
TlsExpansionCounter ULONG ?
TlsBitmap PVOID ?
TlsBitmapBits ULONG 02h dup (?)
ReadOnlySharedMemoryBase PVOID ?
ReadOnlySharedMemoryHeap PVOID ?
ReadOnlyStaticServerData PPVOID ?
AnsiCodePageData PVOID ?
OemCodePageData PVOID ?
UnicodeCaseTableData PVOID ?
NumberOfProcessors ULONG ?
NtGlobalFlag ULONG ?
Spare2 BYTE 04h dup (?)
CriticalSectionTimeout LARGE_INTEGER {}
HeapSegmentReserve ULONG ?
HeapSegmentCommit ULONG ?
HeapDeCommitTotalFreeThreshold ULONG ?
HeapDeCommitFreeBlockThreshold ULONG ?
NumberOfHeaps ULONG ?
MaximumNumberOfHeaps ULONG ?
ProcessHeaps PPVOID ?
GdiSharedHandleTable PVOID ?
ProcessStarterHelper PVOID ?
GdiDCAttributeList PVOID ?
LoaderLock PVOID ?
OSMajorVersion ULONG ?
OSMinorVersion ULONG ?
OSBuildNumber ULONG ?
OSPlatformId ULONG ?
ImageSubSystem ULONG ?
ImageSubSystemMajorVersion ULONG ?
ImageSubSystemMinorVersion ULONG ?
GdiHandleBuffer ULONG 022h dup (?)
PostProcessInitRoutine ULONG ?
TlsExpansionBitmap ULONG ?
TlsExpansionBitmapBits BYTE 080h dup (?)
SessionId ULONG ?
_PEB ends
PEB typedef _PEB
Please credit if you use this;
Code:
Microsoft
aiwnjoo
UC
Thanks!
PEB Removal in ASM 
Linear Mode
