TEB

struct TEB

typedef struct _TEB

{

     NT_TIB NtTib;

     PVOID EnvironmentPointer;

     CLIENT_ID ClientId;

     PVOID ActiveRpcHandle;

     PVOID ThreadLocalStoragePointer;

     PPEB ProcessEnvironmentBlock;

     ULONG LastErrorValue;

     ULONG CountOfOwnedCriticalSections;

     PVOID CsrClientThread;

     PVOID Win32ThreadInfo;

     ULONG User32Reserved[26];

     ULONG UserReserved[5];

     PVOID WOW32Reserved;

     ULONG CurrentLocale;

     ULONG FpSoftwareStatusRegister;

     VOID * SystemReserved1[54];

     LONG ExceptionCode;

     PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;

     UCHAR SpareBytes1[36];

     ULONG TxFsContext;

     GDI_TEB_BATCH GdiTebBatch;

     CLIENT_ID RealClientId;

     PVOID GdiCachedProcessHandle;

     ULONG GdiClientPID;

     ULONG GdiClientTID;

     PVOID GdiThreadLocalInfo;

     ULONG Win32ClientInfo[62];

     VOID * glDispatchTable[233];

     ULONG glReserved1[29];

     PVOID glReserved2;

     PVOID glSectionInfo;

     PVOID glSection;

     PVOID glTable;

     PVOID glCurrentRC;

     PVOID glContext;

     ULONG LastStatusValue;

     UNICODE_STRING StaticUnicodeString;

     WCHAR StaticUnicodeBuffer[261];

     PVOID DeallocationStack;

     VOID * TlsSlots[64];

     LIST_ENTRY TlsLinks;

     PVOID Vdm;

     PVOID ReservedForNtRpc;

     VOID * DbgSsReserved[2];

     ULONG HardErrorMode;

     VOID * Instrumentation[9];

     GUID ActivityId;

     PVOID SubProcessTag;

     PVOID EtwLocalData;

     PVOID EtwTraceData;

     PVOID WinSockData;

     ULONG GdiBatchCount;

     UCHAR SpareBool0;

     UCHAR SpareBool1;

     UCHAR SpareBool2;

     UCHAR IdealProcessor;

     ULONG GuaranteedStackBytes;

     PVOID ReservedForPerf;

     PVOID ReservedForOle;

     ULONG WaitingOnLoaderLock;

     PVOID SavedPriorityState;

     ULONG SoftPatchPtr1;

     PVOID ThreadPoolData;

     VOID * * TlsExpansionSlots;

     ULONG ImpersonationLocale;

     ULONG IsImpersonating;

     PVOID NlsCache;

     PVOID pShimData;

     ULONG HeapVirtualAffinity;

     PVOID CurrentTransactionHandle;

     PTEB_ACTIVE_FRAME ActiveFrame;

     PVOID FlsData;

     PVOID PreferredLanguages;

     PVOID UserPrefLanguages;

     PVOID MergedPrefLanguages;

     ULONG MuiImpersonation;

     WORD CrossTebFlags;

     ULONG SpareCrossTebBits: 16;

     WORD SameTebFlags;

     ULONG DbgSafeThunkCall: 1;

     ULONG DbgInDebugPrint: 1;

     ULONG DbgHasFiberData: 1;

     ULONG DbgSkipThreadAttach: 1;

     ULONG DbgWerInShipAssertCode: 1;

     ULONG DbgRanProcessInit: 1;

     ULONG DbgClonedThread: 1;

     ULONG DbgSuppressDebugMsg: 1;

     ULONG SpareSameTebBits: 8;

     PVOID TxnScopeEnterCallback;

     PVOID TxnScopeExitCallback;

     PVOID TxnScopeContext;

     ULONG LockCount;

     ULONG ProcessRundown;

     UINT64 LastSwitchTime;

     UINT64 TotalSwitchOutTime;

     LARGE_INTEGER WaitReasonBitMap;

} TEB, *PTEB;

TIB

typedef struct _NT_TIB

{

     PEXCEPTION_REGISTRATION_RECORD ExceptionList;

     PVOID StackBase;

     PVOID StackLimit;

     PVOID SubSystemTib;

     union

     {

          PVOID FiberData;

          ULONG Version;

     };

     PVOID ArbitraryUserPointer;

     PNT_TIB Self;

} NT_TIB, *PNT_TIB;

PEB

typedef struct _PEB

{

     UCHAR InheritedAddressSpace;

     UCHAR ReadImageFileExecOptions;

     UCHAR BeingDebugged;

     UCHAR BitField;

     ULONG ImageUsesLargePages: 1;

     ULONG IsProtectedProcess: 1;

     ULONG IsLegacyProcess: 1;

     ULONG IsImageDynamicallyRelocated: 1;

     ULONG SpareBits: 4;

     PVOID Mutant;

     PVOID ImageBaseAddress;

     PPEB_LDR_DATA Ldr;

     PRTL_USER_PROCESS_PARAMETERS ProcessParameters;

     PVOID SubSystemData;

     PVOID ProcessHeap;

     PRTL_CRITICAL_SECTION FastPebLock;

     PVOID AtlThunkSListPtr;

     PVOID IFEOKey;

     ULONG CrossProcessFlags;

     ULONG ProcessInJob: 1;

     ULONG ProcessInitializing: 1;

     ULONG ReservedBits0: 30;

     union

     {

          PVOID KernelCallbackTable;

          PVOID UserSharedInfoPtr;

     };

     ULONG SystemReserved[1];

     ULONG SpareUlong;

     PPEB_FREE_BLOCK FreeList;

     ULONG TlsExpansionCounter;

     PVOID TlsBitmap;

     ULONG TlsBitmapBits[2];

     PVOID ReadOnlySharedMemoryBase;

     PVOID HotpatchInformation;

     VOID * * ReadOnlyStaticServerData;

     PVOID AnsiCodePageData;

     PVOID OemCodePageData;

     PVOID UnicodeCaseTableData;

     ULONG NumberOfProcessors;

     ULONG NtGlobalFlag;

     LARGE_INTEGER CriticalSectionTimeout;

     ULONG HeapSegmentReserve;

     ULONG HeapSegmentCommit;

     ULONG HeapDeCommitTotalFreeThreshold;

     ULONG HeapDeCommitFreeBlockThreshold;

     ULONG NumberOfHeaps;

     ULONG MaximumNumberOfHeaps;

     VOID * * ProcessHeaps;

     PVOID GdiSharedHandleTable;

     PVOID ProcessStarterHelper;

     ULONG GdiDCAttributeList;

     PRTL_CRITICAL_SECTION LoaderLock;

     ULONG OSMajorVersion;

     ULONG OSMinorVersion;

     WORD OSBuildNumber;

     WORD OSCSDVersion;

     ULONG OSPlatformId;

     ULONG ImageSubsystem;

     ULONG ImageSubsystemMajorVersion;

     ULONG ImageSubsystemMinorVersion;

     ULONG ImageProcessAffinityMask;

     ULONG GdiHandleBuffer[34];

     PVOID PostProcessInitRoutine;

     PVOID TlsExpansionBitmap;

     ULONG TlsExpansionBitmapBits[32];

     ULONG SessionId;

     ULARGE_INTEGER AppCompatFlags;

     ULARGE_INTEGER AppCompatFlagsUser;

     PVOID pShimData;

     PVOID AppCompatInfo;

     UNICODE_STRING CSDVersion;

     _ACTIVATION_CONTEXT_DATA * ActivationContextData;

     _ASSEMBLY_STORAGE_MAP * ProcessAssemblyStorageMap;

     _ACTIVATION_CONTEXT_DATA * SystemDefaultActivationContextData;

     _ASSEMBLY_STORAGE_MAP * SystemAssemblyStorageMap;

     ULONG MinimumStackCommit;

     _FLS_CALLBACK_INFO * FlsCallback;

     LIST_ENTRY FlsListHead;

     PVOID FlsBitmap;

     ULONG FlsBitmapBits[4];

     ULONG FlsHighIndex;

     PVOID WerRegistrationData;

     PVOID WerShipAssertPtr;

} PEB, *PPEB;

http://www.nirsoft.net/kernel_struct/vista/TEB.html

Windows Vista Kernel Structures

TEB 、TIB、PEB--Vista 32的更多相关文章

  1. 外设位宽为8、16、32时,CPU与外设之间地址线的连接方法

    有不少人问到:flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19),处理器的地址线要(A1-A20)左移偏1位.为什么要偏1位? (全文有点晦涩,建议收藏本文对 ...

  2. VC9、VC11、VC14、VC15库 32位 64位 免费下载

    VC9.VC11.VC14.VC15库 32位 64位 免费下载 更新版本的PHP是用VC11,VC14或VC15(分别为Visual Studio 2012,2015或2017编译器)构建的,并且包 ...

  3. Ansi、GB2312、GBK、Unicode(utf8、16、32)

    关于ansi,一般默认为本地编码方式,中文应该是gb编码 他们之间的关系在这边文章里描写的很清楚:http://blog.csdn.net/ldanduo/article/details/820353 ...

  4. 32位和64位系统下 int、char、long、double所占的内存

    32位和64位系统下 int.char.long.double所占内存

  5. FLASH位宽为8、16、32时,CPU与外设之间地址线的连接方法

    转 http://blog.csdn.net/linweig/article/details/5556819 flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19 ...

  6. 友盟+U-APM应用性能报告:Android崩溃率达0.32%,OPPO 、华为、VIVO 崩溃表现良好

    ​随着信息技术高速发展,移动互联几乎已成为了一种生活方式的代名词,在全民上网的数字热潮中,如何能最大程度保障产品服务的稳定性,提供良好的用户体验,是当前企业都需要思考和亟待解决的问题.App的应用性能 ...

  7. 处理器核、Core、处理器、CPU区别&&指令集架构与微架构的区别&&32位与64位指令集架构说明

    1.处理器核.Core.处理器.CPU的区别 严格来说"处理器核"和" Core "是指处理器内部最核心的部分,是真正的处理器内核:而"处理器&quo ...

  8. Windows 常用运行库下载 (DirectX、VC++、.Net Framework等)

    经常听到有朋友抱怨他的电脑运行软件或者游戏时提示缺少什么 d3dx9_xx.dll 或 msvcp71.dll.msvcr71.dll又或者是 .Net Framework 初始化之类的错误而无法正常 ...

  9. Linux学习(CentOS-7)---磁盘分区(概念、分区方法、分区方案)

    1磁盘分区相关的概念 1.1什么是磁盘 磁盘就是计算机的外部存储器设备,即将圆形的磁性盘片装在一个方的密封盒子里,这样做的目的是为了防止磁盘表面划伤,导致数据丢失.简单地讲,就是一种计算机信息载体,也 ...

随机推荐

  1. IPC$入侵

    一 唠叨一下: 网上关于ipc$入侵的文章可谓多如牛毛,而且也不乏优秀之作,攻击步骤甚至可以说已经成为经典的模式,因此也没人愿意再把这已经成为定式的东西拿出来摆弄. 二 什么是ipc$ IPC$(In ...

  2. Generator function vs Async/Await

    Generator function vs Async/Await generator async /await refs xgqfrms 2012-2020 www.cnblogs.com 发布文章 ...

  3. Docker In Action

    Docker In Action Docker 实战 https://docs.docker.com/get-started/overview/ Docker Engine Docker Archit ...

  4. vuex & redux

    vuex & redux https://vuex.vuejs.org/ https://github.com/xgqfrms/VAIO/ https://scrimba.com/playli ...

  5. Linux & bash & tcpdump

    Linux & bash & tcpdump Linux & tcpdump https://www.tecmint.com/12-tcpdump-commands-a-net ...

  6. TypeScript 如何编写类库声明文件 .d.ts

    TypeScript 如何编写类库声明文件 .d.ts how to write a d.ts file declaration-files/ https://www.typescriptlang.o ...

  7. Dart: puppeteer库

    和node的差不多,只有写API不一样 puppeteer 地址 安装依赖 dependencies: puppeteer: ^1.7.1 下载 chrome-win 到 <project_ro ...

  8. NGK 路演美国站,SPC空投与NGK项目安全

    最近,NGK全球巡回路演在美国最大城市纽约市落下帷幕,本次路演有幸邀请了NGK方面代表迈尔逊,纽约当地区块链大咖维克多以及美国当地社群意见代表乔治等人. 路演一开始,美国当地路演师Viko首先致辞,V ...

  9. 超详细Openstack核心组件——nova部署

    目录 OpenStack-nova组件部署 nova组件部署位置 计算节点Nova服务配置(CT配置) 计算节点配置Nova服务-c1节点配置 计算节点-c2(与c1相同)(除了IP地址) contr ...

  10. LoveWord

    个人喜欢的句子汇总! 我告诉你我喜欢你,并不是一定要和你在一起,只是希望今后的你,在遭遇人生低谷的时候,不要灰心,至少曾经有人被你的魅力所吸引,曾经是,以后也会是----村上村树