TEB

  1. struct TEB
  2. typedef struct _TEB
  3. {
  4.      NT_TIB NtTib;
  5.      PVOID EnvironmentPointer;
  6.      CLIENT_ID ClientId;
  7.      PVOID ActiveRpcHandle;
  8.      PVOID ThreadLocalStoragePointer;
  9.      PPEB ProcessEnvironmentBlock;
  10.      ULONG LastErrorValue;
  11.      ULONG CountOfOwnedCriticalSections;
  12.      PVOID CsrClientThread;
  13.      PVOID Win32ThreadInfo;
  14.      ULONG User32Reserved[26];
  15.      ULONG UserReserved[5];
  16.      PVOID WOW32Reserved;
  17.      ULONG CurrentLocale;
  18.      ULONG FpSoftwareStatusRegister;
  19.      VOID * SystemReserved1[54];
  20.      LONG ExceptionCode;
  21.      PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
  22.      UCHAR SpareBytes1[36];
  23.      ULONG TxFsContext;
  24.      GDI_TEB_BATCH GdiTebBatch;
  25.      CLIENT_ID RealClientId;
  26.      PVOID GdiCachedProcessHandle;
  27.      ULONG GdiClientPID;
  28.      ULONG GdiClientTID;
  29.      PVOID GdiThreadLocalInfo;
  30.      ULONG Win32ClientInfo[62];
  31.      VOID * glDispatchTable[233];
  32.      ULONG glReserved1[29];
  33.      PVOID glReserved2;
  34.      PVOID glSectionInfo;
  35.      PVOID glSection;
  36.      PVOID glTable;
  37.      PVOID glCurrentRC;
  38.      PVOID glContext;
  39.      ULONG LastStatusValue;
  40.      UNICODE_STRING StaticUnicodeString;
  41.      WCHAR StaticUnicodeBuffer[261];
  42.      PVOID DeallocationStack;
  43.      VOID * TlsSlots[64];
  44.      LIST_ENTRY TlsLinks;
  45.      PVOID Vdm;
  46.      PVOID ReservedForNtRpc;
  47.      VOID * DbgSsReserved[2];
  48.      ULONG HardErrorMode;
  49.      VOID * Instrumentation[9];
  50.      GUID ActivityId;
  51.      PVOID SubProcessTag;
  52.      PVOID EtwLocalData;
  53.      PVOID EtwTraceData;
  54.      PVOID WinSockData;
  55.      ULONG GdiBatchCount;
  56.      UCHAR SpareBool0;
  57.      UCHAR SpareBool1;
  58.      UCHAR SpareBool2;
  59.      UCHAR IdealProcessor;
  60.      ULONG GuaranteedStackBytes;
  61.      PVOID ReservedForPerf;
  62.      PVOID ReservedForOle;
  63.      ULONG WaitingOnLoaderLock;
  64.      PVOID SavedPriorityState;
  65.      ULONG SoftPatchPtr1;
  66.      PVOID ThreadPoolData;
  67.      VOID * * TlsExpansionSlots;
  68.      ULONG ImpersonationLocale;
  69.      ULONG IsImpersonating;
  70.      PVOID NlsCache;
  71.      PVOID pShimData;
  72.      ULONG HeapVirtualAffinity;
  73.      PVOID CurrentTransactionHandle;
  74.      PTEB_ACTIVE_FRAME ActiveFrame;
  75.      PVOID FlsData;
  76.      PVOID PreferredLanguages;
  77.      PVOID UserPrefLanguages;
  78.      PVOID MergedPrefLanguages;
  79.      ULONG MuiImpersonation;
  80.      WORD CrossTebFlags;
  81.      ULONG SpareCrossTebBits: 16;
  82.      WORD SameTebFlags;
  83.      ULONG DbgSafeThunkCall: 1;
  84.      ULONG DbgInDebugPrint: 1;
  85.      ULONG DbgHasFiberData: 1;
  86.      ULONG DbgSkipThreadAttach: 1;
  87.      ULONG DbgWerInShipAssertCode: 1;
  88.      ULONG DbgRanProcessInit: 1;
  89.      ULONG DbgClonedThread: 1;
  90.      ULONG DbgSuppressDebugMsg: 1;
  91.      ULONG SpareSameTebBits: 8;
  92.      PVOID TxnScopeEnterCallback;
  93.      PVOID TxnScopeExitCallback;
  94.      PVOID TxnScopeContext;
  95.      ULONG LockCount;
  96.      ULONG ProcessRundown;
  97.      UINT64 LastSwitchTime;
  98.      UINT64 TotalSwitchOutTime;
  99.      LARGE_INTEGER WaitReasonBitMap;
  100. } TEB, *PTEB;

TIB

  1. typedef struct _NT_TIB
  2. {
  3.      PEXCEPTION_REGISTRATION_RECORD ExceptionList;
  4.      PVOID StackBase;
  5.      PVOID StackLimit;
  6.      PVOID SubSystemTib;
  7.      union
  8.      {
  9.           PVOID FiberData;
  10.           ULONG Version;
  11.      };
  12.      PVOID ArbitraryUserPointer;
  13.      PNT_TIB Self;
  14. } NT_TIB, *PNT_TIB;

PEB

  1. typedef struct _PEB
  2. {
  3.      UCHAR InheritedAddressSpace;
  4.      UCHAR ReadImageFileExecOptions;
  5.      UCHAR BeingDebugged;
  6.      UCHAR BitField;
  7.      ULONG ImageUsesLargePages: 1;
  8.      ULONG IsProtectedProcess: 1;
  9.      ULONG IsLegacyProcess: 1;
  10.      ULONG IsImageDynamicallyRelocated: 1;
  11.      ULONG SpareBits: 4;
  12.      PVOID Mutant;
  13.      PVOID ImageBaseAddress;
  14.      PPEB_LDR_DATA Ldr;
  15.      PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
  16.      PVOID SubSystemData;
  17.      PVOID ProcessHeap;
  18.      PRTL_CRITICAL_SECTION FastPebLock;
  19.      PVOID AtlThunkSListPtr;
  20.      PVOID IFEOKey;
  21.      ULONG CrossProcessFlags;
  22.      ULONG ProcessInJob: 1;
  23.      ULONG ProcessInitializing: 1;
  24.      ULONG ReservedBits0: 30;
  25.      union
  26.      {
  27.           PVOID KernelCallbackTable;
  28.           PVOID UserSharedInfoPtr;
  29.      };
  30.      ULONG SystemReserved[1];
  31.      ULONG SpareUlong;
  32.      PPEB_FREE_BLOCK FreeList;
  33.      ULONG TlsExpansionCounter;
  34.      PVOID TlsBitmap;
  35.      ULONG TlsBitmapBits[2];
  36.      PVOID ReadOnlySharedMemoryBase;
  37.      PVOID HotpatchInformation;
  38.      VOID * * ReadOnlyStaticServerData;
  39.      PVOID AnsiCodePageData;
  40.      PVOID OemCodePageData;
  41.      PVOID UnicodeCaseTableData;
  42.      ULONG NumberOfProcessors;
  43.      ULONG NtGlobalFlag;
  44.      LARGE_INTEGER CriticalSectionTimeout;
  45.      ULONG HeapSegmentReserve;
  46.      ULONG HeapSegmentCommit;
  47.      ULONG HeapDeCommitTotalFreeThreshold;
  48.      ULONG HeapDeCommitFreeBlockThreshold;
  49.      ULONG NumberOfHeaps;
  50.      ULONG MaximumNumberOfHeaps;
  51.      VOID * * ProcessHeaps;
  52.      PVOID GdiSharedHandleTable;
  53.      PVOID ProcessStarterHelper;
  54.      ULONG GdiDCAttributeList;
  55.      PRTL_CRITICAL_SECTION LoaderLock;
  56.      ULONG OSMajorVersion;
  57.      ULONG OSMinorVersion;
  58.      WORD OSBuildNumber;
  59.      WORD OSCSDVersion;
  60.      ULONG OSPlatformId;
  61.      ULONG ImageSubsystem;
  62.      ULONG ImageSubsystemMajorVersion;
  63.      ULONG ImageSubsystemMinorVersion;
  64.      ULONG ImageProcessAffinityMask;
  65.      ULONG GdiHandleBuffer[34];
  66.      PVOID PostProcessInitRoutine;
  67.      PVOID TlsExpansionBitmap;
  68.      ULONG TlsExpansionBitmapBits[32];
  69.      ULONG SessionId;
  70.      ULARGE_INTEGER AppCompatFlags;
  71.      ULARGE_INTEGER AppCompatFlagsUser;
  72.      PVOID pShimData;
  73.      PVOID AppCompatInfo;
  74.      UNICODE_STRING CSDVersion;
  75.      _ACTIVATION_CONTEXT_DATA * ActivationContextData;
  76.      _ASSEMBLY_STORAGE_MAP * ProcessAssemblyStorageMap;
  77.      _ACTIVATION_CONTEXT_DATA * SystemDefaultActivationContextData;
  78.      _ASSEMBLY_STORAGE_MAP * SystemAssemblyStorageMap;
  79.      ULONG MinimumStackCommit;
  80.      _FLS_CALLBACK_INFO * FlsCallback;
  81.      LIST_ENTRY FlsListHead;
  82.      PVOID FlsBitmap;
  83.      ULONG FlsBitmapBits[4];
  84.      ULONG FlsHighIndex;
  85.      PVOID WerRegistrationData;
  86.      PVOID WerShipAssertPtr;
  87. } PEB, *PPEB;

http://www.nirsoft.net/kernel_struct/vista/TEB.html

Windows Vista Kernel Structures

TEB 、TIB、PEB--Vista 32的更多相关文章

  1. 外设位宽为8、16、32时,CPU与外设之间地址线的连接方法

    有不少人问到:flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19),处理器的地址线要(A1-A20)左移偏1位.为什么要偏1位? (全文有点晦涩,建议收藏本文对 ...

  2. VC9、VC11、VC14、VC15库 32位 64位 免费下载

    VC9.VC11.VC14.VC15库 32位 64位 免费下载 更新版本的PHP是用VC11,VC14或VC15(分别为Visual Studio 2012,2015或2017编译器)构建的,并且包 ...

  3. Ansi、GB2312、GBK、Unicode(utf8、16、32)

    关于ansi,一般默认为本地编码方式,中文应该是gb编码 他们之间的关系在这边文章里描写的很清楚:http://blog.csdn.net/ldanduo/article/details/820353 ...

  4. 32位和64位系统下 int、char、long、double所占的内存

    32位和64位系统下 int.char.long.double所占内存

  5. FLASH位宽为8、16、32时,CPU与外设之间地址线的连接方法

    转 http://blog.csdn.net/linweig/article/details/5556819 flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19 ...

  6. 友盟+U-APM应用性能报告:Android崩溃率达0.32%,OPPO 、华为、VIVO 崩溃表现良好

    ​随着信息技术高速发展,移动互联几乎已成为了一种生活方式的代名词,在全民上网的数字热潮中,如何能最大程度保障产品服务的稳定性,提供良好的用户体验,是当前企业都需要思考和亟待解决的问题.App的应用性能 ...

  7. 处理器核、Core、处理器、CPU区别&&指令集架构与微架构的区别&&32位与64位指令集架构说明

    1.处理器核.Core.处理器.CPU的区别 严格来说"处理器核"和" Core "是指处理器内部最核心的部分,是真正的处理器内核:而"处理器&quo ...

  8. Windows 常用运行库下载 (DirectX、VC++、.Net Framework等)

    经常听到有朋友抱怨他的电脑运行软件或者游戏时提示缺少什么 d3dx9_xx.dll 或 msvcp71.dll.msvcr71.dll又或者是 .Net Framework 初始化之类的错误而无法正常 ...

  9. Linux学习(CentOS-7)---磁盘分区(概念、分区方法、分区方案)

    1磁盘分区相关的概念 1.1什么是磁盘 磁盘就是计算机的外部存储器设备,即将圆形的磁性盘片装在一个方的密封盒子里,这样做的目的是为了防止磁盘表面划伤,导致数据丢失.简单地讲,就是一种计算机信息载体,也 ...

随机推荐

  1. vue slot nested bug

    vue slot nested bug slot name bug Error <slot name="global-system-guide-slot"></s ...

  2. UTC 时间转换 All In One

    UTC 时间转换 All In One http://www.timebie.com/cn/stduniversal.php UTC 时间 世界的每个地区都有自己的本地时间,在 Internet 及无 ...

  3. 使用 Canvas 实现一个类似 Google 的可视化的页面错误反馈库

    使用 Canvas 实现一个类似 Google 的可视化的页面错误反馈库 iframe 嵌套 iframe iframe 包含 复制的 HTML 页面 和支持可以拖拽的工具栏 鼠标经过上面,智能识别 ...

  4. Linux 创建/编辑/查看 文件/文件夹的命令汇总

    Linux 创建/编辑/查看 文件/文件夹的命令汇总 Linux 创建文件的命令Linux,编辑文件的命令Linux 查看文件的命令,touch,vim,vi,gedit,cat,ls -a, ls ...

  5. OAuth 2.0 All In One

    OAuth 2.0 All In One 授权类型 授权代码 隐式 密码凭证 客户端凭证 授权码 授权码授予类型要求用户向提供者进行身份验证-然后将授权码发送回客户端应用程序,提取并与提供者交换以获取 ...

  6. javascript & global event & custom event

    javascript & global event & custom event new CustomEvent object let event = new CustomEvent( ...

  7. array group by key javascript

    array group by key javascript calendar Array.reduce https://developer.mozilla.org/en-US/docs/Web/Jav ...

  8. AtCoder Beginner Contest 192 F - Potion

    题目链接 点我跳转 题目大意 给定 \(N\) 个物品和一个 \(X\) ,第 \(i\) 个物品的重量为 \(ai\),你可以从中选择任意个物品(不能不选) 假定选择了 \(S\) 个物品,物品的总 ...

  9. 1095 Cars on Campus——PAT甲级真题

    1095 Cars on Campus Zhejiang University has 6 campuses and a lot of gates. From each gate we can col ...

  10. oracle check datapump jobs

    reference: https://asktom.oracle.com/pls/apex/asktom.search?tag=getting-ora-31626-job-does-not-exist ...