TEB

struct TEB

typedef struct _TEB

{

     NT_TIB NtTib;

     PVOID EnvironmentPointer;

     CLIENT_ID ClientId;

     PVOID ActiveRpcHandle;

     PVOID ThreadLocalStoragePointer;

     PPEB ProcessEnvironmentBlock;

     ULONG LastErrorValue;

     ULONG CountOfOwnedCriticalSections;

     PVOID CsrClientThread;

     PVOID Win32ThreadInfo;

     ULONG User32Reserved[26];

     ULONG UserReserved[5];

     PVOID WOW32Reserved;

     ULONG CurrentLocale;

     ULONG FpSoftwareStatusRegister;

     VOID * SystemReserved1[54];

     LONG ExceptionCode;

     PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;

     UCHAR SpareBytes1[36];

     ULONG TxFsContext;

     GDI_TEB_BATCH GdiTebBatch;

     CLIENT_ID RealClientId;

     PVOID GdiCachedProcessHandle;

     ULONG GdiClientPID;

     ULONG GdiClientTID;

     PVOID GdiThreadLocalInfo;

     ULONG Win32ClientInfo[62];

     VOID * glDispatchTable[233];

     ULONG glReserved1[29];

     PVOID glReserved2;

     PVOID glSectionInfo;

     PVOID glSection;

     PVOID glTable;

     PVOID glCurrentRC;

     PVOID glContext;

     ULONG LastStatusValue;

     UNICODE_STRING StaticUnicodeString;

     WCHAR StaticUnicodeBuffer[261];

     PVOID DeallocationStack;

     VOID * TlsSlots[64];

     LIST_ENTRY TlsLinks;

     PVOID Vdm;

     PVOID ReservedForNtRpc;

     VOID * DbgSsReserved[2];

     ULONG HardErrorMode;

     VOID * Instrumentation[9];

     GUID ActivityId;

     PVOID SubProcessTag;

     PVOID EtwLocalData;

     PVOID EtwTraceData;

     PVOID WinSockData;

     ULONG GdiBatchCount;

     UCHAR SpareBool0;

     UCHAR SpareBool1;

     UCHAR SpareBool2;

     UCHAR IdealProcessor;

     ULONG GuaranteedStackBytes;

     PVOID ReservedForPerf;

     PVOID ReservedForOle;

     ULONG WaitingOnLoaderLock;

     PVOID SavedPriorityState;

     ULONG SoftPatchPtr1;

     PVOID ThreadPoolData;

     VOID * * TlsExpansionSlots;

     ULONG ImpersonationLocale;

     ULONG IsImpersonating;

     PVOID NlsCache;

     PVOID pShimData;

     ULONG HeapVirtualAffinity;

     PVOID CurrentTransactionHandle;

     PTEB_ACTIVE_FRAME ActiveFrame;

     PVOID FlsData;

     PVOID PreferredLanguages;

     PVOID UserPrefLanguages;

     PVOID MergedPrefLanguages;

     ULONG MuiImpersonation;

     WORD CrossTebFlags;

     ULONG SpareCrossTebBits: 16;

     WORD SameTebFlags;

     ULONG DbgSafeThunkCall: 1;

     ULONG DbgInDebugPrint: 1;

     ULONG DbgHasFiberData: 1;

     ULONG DbgSkipThreadAttach: 1;

     ULONG DbgWerInShipAssertCode: 1;

     ULONG DbgRanProcessInit: 1;

     ULONG DbgClonedThread: 1;

     ULONG DbgSuppressDebugMsg: 1;

     ULONG SpareSameTebBits: 8;

     PVOID TxnScopeEnterCallback;

     PVOID TxnScopeExitCallback;

     PVOID TxnScopeContext;

     ULONG LockCount;

     ULONG ProcessRundown;

     UINT64 LastSwitchTime;

     UINT64 TotalSwitchOutTime;

     LARGE_INTEGER WaitReasonBitMap;

} TEB, *PTEB;

TIB

typedef struct _NT_TIB

{

     PEXCEPTION_REGISTRATION_RECORD ExceptionList;

     PVOID StackBase;

     PVOID StackLimit;

     PVOID SubSystemTib;

     union

     {

          PVOID FiberData;

          ULONG Version;

     };

     PVOID ArbitraryUserPointer;

     PNT_TIB Self;

} NT_TIB, *PNT_TIB;

PEB

typedef struct _PEB

{

     UCHAR InheritedAddressSpace;

     UCHAR ReadImageFileExecOptions;

     UCHAR BeingDebugged;

     UCHAR BitField;

     ULONG ImageUsesLargePages: 1;

     ULONG IsProtectedProcess: 1;

     ULONG IsLegacyProcess: 1;

     ULONG IsImageDynamicallyRelocated: 1;

     ULONG SpareBits: 4;

     PVOID Mutant;

     PVOID ImageBaseAddress;

     PPEB_LDR_DATA Ldr;

     PRTL_USER_PROCESS_PARAMETERS ProcessParameters;

     PVOID SubSystemData;

     PVOID ProcessHeap;

     PRTL_CRITICAL_SECTION FastPebLock;

     PVOID AtlThunkSListPtr;

     PVOID IFEOKey;

     ULONG CrossProcessFlags;

     ULONG ProcessInJob: 1;

     ULONG ProcessInitializing: 1;

     ULONG ReservedBits0: 30;

     union

     {

          PVOID KernelCallbackTable;

          PVOID UserSharedInfoPtr;

     };

     ULONG SystemReserved[1];

     ULONG SpareUlong;

     PPEB_FREE_BLOCK FreeList;

     ULONG TlsExpansionCounter;

     PVOID TlsBitmap;

     ULONG TlsBitmapBits[2];

     PVOID ReadOnlySharedMemoryBase;

     PVOID HotpatchInformation;

     VOID * * ReadOnlyStaticServerData;

     PVOID AnsiCodePageData;

     PVOID OemCodePageData;

     PVOID UnicodeCaseTableData;

     ULONG NumberOfProcessors;

     ULONG NtGlobalFlag;

     LARGE_INTEGER CriticalSectionTimeout;

     ULONG HeapSegmentReserve;

     ULONG HeapSegmentCommit;

     ULONG HeapDeCommitTotalFreeThreshold;

     ULONG HeapDeCommitFreeBlockThreshold;

     ULONG NumberOfHeaps;

     ULONG MaximumNumberOfHeaps;

     VOID * * ProcessHeaps;

     PVOID GdiSharedHandleTable;

     PVOID ProcessStarterHelper;

     ULONG GdiDCAttributeList;

     PRTL_CRITICAL_SECTION LoaderLock;

     ULONG OSMajorVersion;

     ULONG OSMinorVersion;

     WORD OSBuildNumber;

     WORD OSCSDVersion;

     ULONG OSPlatformId;

     ULONG ImageSubsystem;

     ULONG ImageSubsystemMajorVersion;

     ULONG ImageSubsystemMinorVersion;

     ULONG ImageProcessAffinityMask;

     ULONG GdiHandleBuffer[34];

     PVOID PostProcessInitRoutine;

     PVOID TlsExpansionBitmap;

     ULONG TlsExpansionBitmapBits[32];

     ULONG SessionId;

     ULARGE_INTEGER AppCompatFlags;

     ULARGE_INTEGER AppCompatFlagsUser;

     PVOID pShimData;

     PVOID AppCompatInfo;

     UNICODE_STRING CSDVersion;

     _ACTIVATION_CONTEXT_DATA * ActivationContextData;

     _ASSEMBLY_STORAGE_MAP * ProcessAssemblyStorageMap;

     _ACTIVATION_CONTEXT_DATA * SystemDefaultActivationContextData;

     _ASSEMBLY_STORAGE_MAP * SystemAssemblyStorageMap;

     ULONG MinimumStackCommit;

     _FLS_CALLBACK_INFO * FlsCallback;

     LIST_ENTRY FlsListHead;

     PVOID FlsBitmap;

     ULONG FlsBitmapBits[4];

     ULONG FlsHighIndex;

     PVOID WerRegistrationData;

     PVOID WerShipAssertPtr;

} PEB, *PPEB;

http://www.nirsoft.net/kernel_struct/vista/TEB.html

Windows Vista Kernel Structures

TEB 、TIB、PEB--Vista 32的更多相关文章

  1. 外设位宽为8、16、32时,CPU与外设之间地址线的连接方法

    有不少人问到:flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19),处理器的地址线要(A1-A20)左移偏1位.为什么要偏1位? (全文有点晦涩,建议收藏本文对 ...

  2. VC9、VC11、VC14、VC15库 32位 64位 免费下载

    VC9.VC11.VC14.VC15库 32位 64位 免费下载 更新版本的PHP是用VC11,VC14或VC15(分别为Visual Studio 2012,2015或2017编译器)构建的,并且包 ...

  3. Ansi、GB2312、GBK、Unicode(utf8、16、32)

    关于ansi,一般默认为本地编码方式,中文应该是gb编码 他们之间的关系在这边文章里描写的很清楚:http://blog.csdn.net/ldanduo/article/details/820353 ...

  4. 32位和64位系统下 int、char、long、double所占的内存

    32位和64位系统下 int.char.long.double所占内存

  5. FLASH位宽为8、16、32时,CPU与外设之间地址线的连接方法

    转 http://blog.csdn.net/linweig/article/details/5556819 flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19 ...

  6. 友盟+U-APM应用性能报告:Android崩溃率达0.32%,OPPO 、华为、VIVO 崩溃表现良好

    ​随着信息技术高速发展,移动互联几乎已成为了一种生活方式的代名词,在全民上网的数字热潮中,如何能最大程度保障产品服务的稳定性,提供良好的用户体验,是当前企业都需要思考和亟待解决的问题.App的应用性能 ...

  7. 处理器核、Core、处理器、CPU区别&&指令集架构与微架构的区别&&32位与64位指令集架构说明

    1.处理器核.Core.处理器.CPU的区别 严格来说"处理器核"和" Core "是指处理器内部最核心的部分,是真正的处理器内核:而"处理器&quo ...

  8. Windows 常用运行库下载 (DirectX、VC++、.Net Framework等)

    经常听到有朋友抱怨他的电脑运行软件或者游戏时提示缺少什么 d3dx9_xx.dll 或 msvcp71.dll.msvcr71.dll又或者是 .Net Framework 初始化之类的错误而无法正常 ...

  9. Linux学习(CentOS-7)---磁盘分区(概念、分区方法、分区方案)

    1磁盘分区相关的概念 1.1什么是磁盘 磁盘就是计算机的外部存储器设备,即将圆形的磁性盘片装在一个方的密封盒子里,这样做的目的是为了防止磁盘表面划伤,导致数据丢失.简单地讲,就是一种计算机信息载体,也 ...

随机推荐

  1. 重新上手c语言的一些坑

    c语言结构体不能声明函数,放几个函数指针倒是没问题 c语言结构体不能在声明时初始化 声明两个指针 int *a,*b; 或者typedef int* int_P int_P a,b; typedef要 ...

  2. HCTF Warmup (phpmyadmin4.8.1的文件包含漏洞 )

    Warmup 先看hint   image.png 看url有file参数,感觉可能要用伪协议啥的,试了下,没出东西扫一下目录,发现http://warmup.2018.hctf.io/source. ...

  3. TypeScript tuple 元组

    TypeScript tuple 元组 元组类型允许您用固定数量的元素表示数组,这些元素的类型是已知的,但不必相同. "use strict"; /** * * @author x ...

  4. LeetCode 刷题 App / LeetCode 题解 App

    LeetCode 刷题 APP / LeetCode 题解 App 全端支持 http://leetcode-app.xgqfrms.xyz/ http://leetcode-desktop.xgqf ...

  5. ES2021 & Pipeline operator (|>) / 管道运算符 |>

    ES2021 & Pipeline operator (|>) / 管道运算符 |> demo "use strict"; /** * * @author xg ...

  6. linux bash which

    linux bash which https://linuxize.com/post/linux-which-command/ Linux which command is used to ident ...

  7. robots.txt

    robots.txt A robots.txt file tells search engine crawlers which pages or files the crawler can or ca ...

  8. react hooks & props change & pagination current bug

    react hooks & props change & pagination current bug multi tables & pigination bug & ...

  9. js 使用socket-io发送文件

    更多 前端 import { Component, OnInit, ViewChild, ElementRef } from '@angular/core'; import { MediaDevice ...

  10. Techme INC解读基因魔剪,带来的是机遇还是风险?

    10月7日,诺贝尔化学奖颁给了法国美国生物学家Jennifer Doudna和生物化学家Emmanuelle Charpentier,以表彰她们对新一代基因技术CRISPR的贡献,全网沸腾. CRIS ...