TEB

struct TEB

typedef struct _TEB

{

     NT_TIB NtTib;

     PVOID EnvironmentPointer;

     CLIENT_ID ClientId;

     PVOID ActiveRpcHandle;

     PVOID ThreadLocalStoragePointer;

     PPEB ProcessEnvironmentBlock;

     ULONG LastErrorValue;

     ULONG CountOfOwnedCriticalSections;

     PVOID CsrClientThread;

     PVOID Win32ThreadInfo;

     ULONG User32Reserved[26];

     ULONG UserReserved[5];

     PVOID WOW32Reserved;

     ULONG CurrentLocale;

     ULONG FpSoftwareStatusRegister;

     VOID * SystemReserved1[54];

     LONG ExceptionCode;

     PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;

     UCHAR SpareBytes1[36];

     ULONG TxFsContext;

     GDI_TEB_BATCH GdiTebBatch;

     CLIENT_ID RealClientId;

     PVOID GdiCachedProcessHandle;

     ULONG GdiClientPID;

     ULONG GdiClientTID;

     PVOID GdiThreadLocalInfo;

     ULONG Win32ClientInfo[62];

     VOID * glDispatchTable[233];

     ULONG glReserved1[29];

     PVOID glReserved2;

     PVOID glSectionInfo;

     PVOID glSection;

     PVOID glTable;

     PVOID glCurrentRC;

     PVOID glContext;

     ULONG LastStatusValue;

     UNICODE_STRING StaticUnicodeString;

     WCHAR StaticUnicodeBuffer[261];

     PVOID DeallocationStack;

     VOID * TlsSlots[64];

     LIST_ENTRY TlsLinks;

     PVOID Vdm;

     PVOID ReservedForNtRpc;

     VOID * DbgSsReserved[2];

     ULONG HardErrorMode;

     VOID * Instrumentation[9];

     GUID ActivityId;

     PVOID SubProcessTag;

     PVOID EtwLocalData;

     PVOID EtwTraceData;

     PVOID WinSockData;

     ULONG GdiBatchCount;

     UCHAR SpareBool0;

     UCHAR SpareBool1;

     UCHAR SpareBool2;

     UCHAR IdealProcessor;

     ULONG GuaranteedStackBytes;

     PVOID ReservedForPerf;

     PVOID ReservedForOle;

     ULONG WaitingOnLoaderLock;

     PVOID SavedPriorityState;

     ULONG SoftPatchPtr1;

     PVOID ThreadPoolData;

     VOID * * TlsExpansionSlots;

     ULONG ImpersonationLocale;

     ULONG IsImpersonating;

     PVOID NlsCache;

     PVOID pShimData;

     ULONG HeapVirtualAffinity;

     PVOID CurrentTransactionHandle;

     PTEB_ACTIVE_FRAME ActiveFrame;

     PVOID FlsData;

     PVOID PreferredLanguages;

     PVOID UserPrefLanguages;

     PVOID MergedPrefLanguages;

     ULONG MuiImpersonation;

     WORD CrossTebFlags;

     ULONG SpareCrossTebBits: 16;

     WORD SameTebFlags;

     ULONG DbgSafeThunkCall: 1;

     ULONG DbgInDebugPrint: 1;

     ULONG DbgHasFiberData: 1;

     ULONG DbgSkipThreadAttach: 1;

     ULONG DbgWerInShipAssertCode: 1;

     ULONG DbgRanProcessInit: 1;

     ULONG DbgClonedThread: 1;

     ULONG DbgSuppressDebugMsg: 1;

     ULONG SpareSameTebBits: 8;

     PVOID TxnScopeEnterCallback;

     PVOID TxnScopeExitCallback;

     PVOID TxnScopeContext;

     ULONG LockCount;

     ULONG ProcessRundown;

     UINT64 LastSwitchTime;

     UINT64 TotalSwitchOutTime;

     LARGE_INTEGER WaitReasonBitMap;

} TEB, *PTEB;

TIB

typedef struct _NT_TIB

{

     PEXCEPTION_REGISTRATION_RECORD ExceptionList;

     PVOID StackBase;

     PVOID StackLimit;

     PVOID SubSystemTib;

     union

     {

          PVOID FiberData;

          ULONG Version;

     };

     PVOID ArbitraryUserPointer;

     PNT_TIB Self;

} NT_TIB, *PNT_TIB;

PEB

typedef struct _PEB

{

     UCHAR InheritedAddressSpace;

     UCHAR ReadImageFileExecOptions;

     UCHAR BeingDebugged;

     UCHAR BitField;

     ULONG ImageUsesLargePages: 1;

     ULONG IsProtectedProcess: 1;

     ULONG IsLegacyProcess: 1;

     ULONG IsImageDynamicallyRelocated: 1;

     ULONG SpareBits: 4;

     PVOID Mutant;

     PVOID ImageBaseAddress;

     PPEB_LDR_DATA Ldr;

     PRTL_USER_PROCESS_PARAMETERS ProcessParameters;

     PVOID SubSystemData;

     PVOID ProcessHeap;

     PRTL_CRITICAL_SECTION FastPebLock;

     PVOID AtlThunkSListPtr;

     PVOID IFEOKey;

     ULONG CrossProcessFlags;

     ULONG ProcessInJob: 1;

     ULONG ProcessInitializing: 1;

     ULONG ReservedBits0: 30;

     union

     {

          PVOID KernelCallbackTable;

          PVOID UserSharedInfoPtr;

     };

     ULONG SystemReserved[1];

     ULONG SpareUlong;

     PPEB_FREE_BLOCK FreeList;

     ULONG TlsExpansionCounter;

     PVOID TlsBitmap;

     ULONG TlsBitmapBits[2];

     PVOID ReadOnlySharedMemoryBase;

     PVOID HotpatchInformation;

     VOID * * ReadOnlyStaticServerData;

     PVOID AnsiCodePageData;

     PVOID OemCodePageData;

     PVOID UnicodeCaseTableData;

     ULONG NumberOfProcessors;

     ULONG NtGlobalFlag;

     LARGE_INTEGER CriticalSectionTimeout;

     ULONG HeapSegmentReserve;

     ULONG HeapSegmentCommit;

     ULONG HeapDeCommitTotalFreeThreshold;

     ULONG HeapDeCommitFreeBlockThreshold;

     ULONG NumberOfHeaps;

     ULONG MaximumNumberOfHeaps;

     VOID * * ProcessHeaps;

     PVOID GdiSharedHandleTable;

     PVOID ProcessStarterHelper;

     ULONG GdiDCAttributeList;

     PRTL_CRITICAL_SECTION LoaderLock;

     ULONG OSMajorVersion;

     ULONG OSMinorVersion;

     WORD OSBuildNumber;

     WORD OSCSDVersion;

     ULONG OSPlatformId;

     ULONG ImageSubsystem;

     ULONG ImageSubsystemMajorVersion;

     ULONG ImageSubsystemMinorVersion;

     ULONG ImageProcessAffinityMask;

     ULONG GdiHandleBuffer[34];

     PVOID PostProcessInitRoutine;

     PVOID TlsExpansionBitmap;

     ULONG TlsExpansionBitmapBits[32];

     ULONG SessionId;

     ULARGE_INTEGER AppCompatFlags;

     ULARGE_INTEGER AppCompatFlagsUser;

     PVOID pShimData;

     PVOID AppCompatInfo;

     UNICODE_STRING CSDVersion;

     _ACTIVATION_CONTEXT_DATA * ActivationContextData;

     _ASSEMBLY_STORAGE_MAP * ProcessAssemblyStorageMap;

     _ACTIVATION_CONTEXT_DATA * SystemDefaultActivationContextData;

     _ASSEMBLY_STORAGE_MAP * SystemAssemblyStorageMap;

     ULONG MinimumStackCommit;

     _FLS_CALLBACK_INFO * FlsCallback;

     LIST_ENTRY FlsListHead;

     PVOID FlsBitmap;

     ULONG FlsBitmapBits[4];

     ULONG FlsHighIndex;

     PVOID WerRegistrationData;

     PVOID WerShipAssertPtr;

} PEB, *PPEB;

http://www.nirsoft.net/kernel_struct/vista/TEB.html

Windows Vista Kernel Structures

TEB 、TIB、PEB--Vista 32的更多相关文章

  1. 外设位宽为8、16、32时,CPU与外设之间地址线的连接方法

    有不少人问到:flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19),处理器的地址线要(A1-A20)左移偏1位.为什么要偏1位? (全文有点晦涩,建议收藏本文对 ...

  2. VC9、VC11、VC14、VC15库 32位 64位 免费下载

    VC9.VC11.VC14.VC15库 32位 64位 免费下载 更新版本的PHP是用VC11,VC14或VC15(分别为Visual Studio 2012,2015或2017编译器)构建的,并且包 ...

  3. Ansi、GB2312、GBK、Unicode(utf8、16、32)

    关于ansi,一般默认为本地编码方式,中文应该是gb编码 他们之间的关系在这边文章里描写的很清楚:http://blog.csdn.net/ldanduo/article/details/820353 ...

  4. 32位和64位系统下 int、char、long、double所占的内存

    32位和64位系统下 int.char.long.double所占内存

  5. FLASH位宽为8、16、32时,CPU与外设之间地址线的连接方法

    转 http://blog.csdn.net/linweig/article/details/5556819 flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19 ...

  6. 友盟+U-APM应用性能报告:Android崩溃率达0.32%,OPPO 、华为、VIVO 崩溃表现良好

    ​随着信息技术高速发展,移动互联几乎已成为了一种生活方式的代名词,在全民上网的数字热潮中,如何能最大程度保障产品服务的稳定性,提供良好的用户体验,是当前企业都需要思考和亟待解决的问题.App的应用性能 ...

  7. 处理器核、Core、处理器、CPU区别&&指令集架构与微架构的区别&&32位与64位指令集架构说明

    1.处理器核.Core.处理器.CPU的区别 严格来说"处理器核"和" Core "是指处理器内部最核心的部分,是真正的处理器内核:而"处理器&quo ...

  8. Windows 常用运行库下载 (DirectX、VC++、.Net Framework等)

    经常听到有朋友抱怨他的电脑运行软件或者游戏时提示缺少什么 d3dx9_xx.dll 或 msvcp71.dll.msvcr71.dll又或者是 .Net Framework 初始化之类的错误而无法正常 ...

  9. Linux学习(CentOS-7)---磁盘分区(概念、分区方法、分区方案)

    1磁盘分区相关的概念 1.1什么是磁盘 磁盘就是计算机的外部存储器设备,即将圆形的磁性盘片装在一个方的密封盒子里,这样做的目的是为了防止磁盘表面划伤,导致数据丢失.简单地讲,就是一种计算机信息载体,也 ...

随机推荐

  1. 【DP】区间DP入门

    在开始之前我要感谢y总,是他精彩的讲解才让我对区间DP有较深的认识. 简介 一般是线性结构上的对区间进行求解最值,计数的动态规划.大致思路是枚举断点,然后对断点两边求取最优解,然后进行合并从而得解. ...

  2. 设计模式六大原则 All In one

    设计模式六大原则 All In one 开闭原则: 对扩展开放,对修改关闭; 设计模式的六大原则: 0.总原则-开闭原则 对扩展开放, 对修改封闭; 在程序需要进行拓展的时候, 不能去修改原有的代码, ...

  3. js coverage testing

    js coverage testing 测试覆盖率 istanbul 伊斯坦堡/伊斯坦布尔 https://istanbul.js.org/ jest coverage https://jestjs. ...

  4. css skeleton & web app skeleton

    css skeleton & web app skeleton skeleton https://www.cnblogs.com/xgqfrms/p/10437258.html https:/ ...

  5. nodejs package.json中的exports

    test/package.json { "name": "test", "main": "index.js", &quo ...

  6. C++面试题集合(持续更新)

    C++面试中常被问到的几个知识点: 1. 基本概念 多态是什么,C++通过什么实现的多态.虚函数是什么,纯虚类是什么.重载是什么,重写是什么.重载运算符怎么写.new和malloc有什么区别.公有继承 ...

  7. (1)MySQL进阶篇在linux环境下安装

    1.概述 对于mysql二进制安装,优点是可以安装到任何路径下,灵活性好,一台服务器可以安装多个mysql.缺点是已经编译过,性能不如源码编译得好,不能灵活定制编译参数.如果用户即不想安装最简单却不够 ...

  8. css中的transform,transition,translate的关系

    transform 旋转(transform是没有动画效果,你改变了它的值,元素的样子就唰的改变了.其中的位移的函数名就叫translate,所以说,translate是transform的一部分.) ...

  9. 使用EF的Code First模式创建模型

    Entity Framework Core Entity Framework (EF) Core 是轻量化.可扩展.开源和跨平台版的常用 Entity Framework 数据访问技术. EF Cor ...

  10. Redis集群简介及部署

    1简介 在 Redis 3.0 之前,使用 哨兵(sentinel)机制来监控各个节点之间的状态.Redis Cluster 是 Redis 的 分布式解决方案,在 3.0 版本正式推出,有效地解决了 ...