TEB

struct TEB

typedef struct _TEB

{

     NT_TIB NtTib;

     PVOID EnvironmentPointer;

     CLIENT_ID ClientId;

     PVOID ActiveRpcHandle;

     PVOID ThreadLocalStoragePointer;

     PPEB ProcessEnvironmentBlock;

     ULONG LastErrorValue;

     ULONG CountOfOwnedCriticalSections;

     PVOID CsrClientThread;

     PVOID Win32ThreadInfo;

     ULONG User32Reserved[26];

     ULONG UserReserved[5];

     PVOID WOW32Reserved;

     ULONG CurrentLocale;

     ULONG FpSoftwareStatusRegister;

     VOID * SystemReserved1[54];

     LONG ExceptionCode;

     PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;

     UCHAR SpareBytes1[36];

     ULONG TxFsContext;

     GDI_TEB_BATCH GdiTebBatch;

     CLIENT_ID RealClientId;

     PVOID GdiCachedProcessHandle;

     ULONG GdiClientPID;

     ULONG GdiClientTID;

     PVOID GdiThreadLocalInfo;

     ULONG Win32ClientInfo[62];

     VOID * glDispatchTable[233];

     ULONG glReserved1[29];

     PVOID glReserved2;

     PVOID glSectionInfo;

     PVOID glSection;

     PVOID glTable;

     PVOID glCurrentRC;

     PVOID glContext;

     ULONG LastStatusValue;

     UNICODE_STRING StaticUnicodeString;

     WCHAR StaticUnicodeBuffer[261];

     PVOID DeallocationStack;

     VOID * TlsSlots[64];

     LIST_ENTRY TlsLinks;

     PVOID Vdm;

     PVOID ReservedForNtRpc;

     VOID * DbgSsReserved[2];

     ULONG HardErrorMode;

     VOID * Instrumentation[9];

     GUID ActivityId;

     PVOID SubProcessTag;

     PVOID EtwLocalData;

     PVOID EtwTraceData;

     PVOID WinSockData;

     ULONG GdiBatchCount;

     UCHAR SpareBool0;

     UCHAR SpareBool1;

     UCHAR SpareBool2;

     UCHAR IdealProcessor;

     ULONG GuaranteedStackBytes;

     PVOID ReservedForPerf;

     PVOID ReservedForOle;

     ULONG WaitingOnLoaderLock;

     PVOID SavedPriorityState;

     ULONG SoftPatchPtr1;

     PVOID ThreadPoolData;

     VOID * * TlsExpansionSlots;

     ULONG ImpersonationLocale;

     ULONG IsImpersonating;

     PVOID NlsCache;

     PVOID pShimData;

     ULONG HeapVirtualAffinity;

     PVOID CurrentTransactionHandle;

     PTEB_ACTIVE_FRAME ActiveFrame;

     PVOID FlsData;

     PVOID PreferredLanguages;

     PVOID UserPrefLanguages;

     PVOID MergedPrefLanguages;

     ULONG MuiImpersonation;

     WORD CrossTebFlags;

     ULONG SpareCrossTebBits: 16;

     WORD SameTebFlags;

     ULONG DbgSafeThunkCall: 1;

     ULONG DbgInDebugPrint: 1;

     ULONG DbgHasFiberData: 1;

     ULONG DbgSkipThreadAttach: 1;

     ULONG DbgWerInShipAssertCode: 1;

     ULONG DbgRanProcessInit: 1;

     ULONG DbgClonedThread: 1;

     ULONG DbgSuppressDebugMsg: 1;

     ULONG SpareSameTebBits: 8;

     PVOID TxnScopeEnterCallback;

     PVOID TxnScopeExitCallback;

     PVOID TxnScopeContext;

     ULONG LockCount;

     ULONG ProcessRundown;

     UINT64 LastSwitchTime;

     UINT64 TotalSwitchOutTime;

     LARGE_INTEGER WaitReasonBitMap;

} TEB, *PTEB;

TIB

typedef struct _NT_TIB

{

     PEXCEPTION_REGISTRATION_RECORD ExceptionList;

     PVOID StackBase;

     PVOID StackLimit;

     PVOID SubSystemTib;

     union

     {

          PVOID FiberData;

          ULONG Version;

     };

     PVOID ArbitraryUserPointer;

     PNT_TIB Self;

} NT_TIB, *PNT_TIB;

PEB

typedef struct _PEB

{

     UCHAR InheritedAddressSpace;

     UCHAR ReadImageFileExecOptions;

     UCHAR BeingDebugged;

     UCHAR BitField;

     ULONG ImageUsesLargePages: 1;

     ULONG IsProtectedProcess: 1;

     ULONG IsLegacyProcess: 1;

     ULONG IsImageDynamicallyRelocated: 1;

     ULONG SpareBits: 4;

     PVOID Mutant;

     PVOID ImageBaseAddress;

     PPEB_LDR_DATA Ldr;

     PRTL_USER_PROCESS_PARAMETERS ProcessParameters;

     PVOID SubSystemData;

     PVOID ProcessHeap;

     PRTL_CRITICAL_SECTION FastPebLock;

     PVOID AtlThunkSListPtr;

     PVOID IFEOKey;

     ULONG CrossProcessFlags;

     ULONG ProcessInJob: 1;

     ULONG ProcessInitializing: 1;

     ULONG ReservedBits0: 30;

     union

     {

          PVOID KernelCallbackTable;

          PVOID UserSharedInfoPtr;

     };

     ULONG SystemReserved[1];

     ULONG SpareUlong;

     PPEB_FREE_BLOCK FreeList;

     ULONG TlsExpansionCounter;

     PVOID TlsBitmap;

     ULONG TlsBitmapBits[2];

     PVOID ReadOnlySharedMemoryBase;

     PVOID HotpatchInformation;

     VOID * * ReadOnlyStaticServerData;

     PVOID AnsiCodePageData;

     PVOID OemCodePageData;

     PVOID UnicodeCaseTableData;

     ULONG NumberOfProcessors;

     ULONG NtGlobalFlag;

     LARGE_INTEGER CriticalSectionTimeout;

     ULONG HeapSegmentReserve;

     ULONG HeapSegmentCommit;

     ULONG HeapDeCommitTotalFreeThreshold;

     ULONG HeapDeCommitFreeBlockThreshold;

     ULONG NumberOfHeaps;

     ULONG MaximumNumberOfHeaps;

     VOID * * ProcessHeaps;

     PVOID GdiSharedHandleTable;

     PVOID ProcessStarterHelper;

     ULONG GdiDCAttributeList;

     PRTL_CRITICAL_SECTION LoaderLock;

     ULONG OSMajorVersion;

     ULONG OSMinorVersion;

     WORD OSBuildNumber;

     WORD OSCSDVersion;

     ULONG OSPlatformId;

     ULONG ImageSubsystem;

     ULONG ImageSubsystemMajorVersion;

     ULONG ImageSubsystemMinorVersion;

     ULONG ImageProcessAffinityMask;

     ULONG GdiHandleBuffer[34];

     PVOID PostProcessInitRoutine;

     PVOID TlsExpansionBitmap;

     ULONG TlsExpansionBitmapBits[32];

     ULONG SessionId;

     ULARGE_INTEGER AppCompatFlags;

     ULARGE_INTEGER AppCompatFlagsUser;

     PVOID pShimData;

     PVOID AppCompatInfo;

     UNICODE_STRING CSDVersion;

     _ACTIVATION_CONTEXT_DATA * ActivationContextData;

     _ASSEMBLY_STORAGE_MAP * ProcessAssemblyStorageMap;

     _ACTIVATION_CONTEXT_DATA * SystemDefaultActivationContextData;

     _ASSEMBLY_STORAGE_MAP * SystemAssemblyStorageMap;

     ULONG MinimumStackCommit;

     _FLS_CALLBACK_INFO * FlsCallback;

     LIST_ENTRY FlsListHead;

     PVOID FlsBitmap;

     ULONG FlsBitmapBits[4];

     ULONG FlsHighIndex;

     PVOID WerRegistrationData;

     PVOID WerShipAssertPtr;

} PEB, *PPEB;

http://www.nirsoft.net/kernel_struct/vista/TEB.html

Windows Vista Kernel Structures

TEB 、TIB、PEB--Vista 32的更多相关文章

  1. 外设位宽为8、16、32时,CPU与外设之间地址线的连接方法

    有不少人问到:flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19),处理器的地址线要(A1-A20)左移偏1位.为什么要偏1位? (全文有点晦涩,建议收藏本文对 ...

  2. VC9、VC11、VC14、VC15库 32位 64位 免费下载

    VC9.VC11.VC14.VC15库 32位 64位 免费下载 更新版本的PHP是用VC11,VC14或VC15(分别为Visual Studio 2012,2015或2017编译器)构建的,并且包 ...

  3. Ansi、GB2312、GBK、Unicode(utf8、16、32)

    关于ansi,一般默认为本地编码方式,中文应该是gb编码 他们之间的关系在这边文章里描写的很清楚:http://blog.csdn.net/ldanduo/article/details/820353 ...

  4. 32位和64位系统下 int、char、long、double所占的内存

    32位和64位系统下 int.char.long.double所占内存

  5. FLASH位宽为8、16、32时,CPU与外设之间地址线的连接方法

    转 http://blog.csdn.net/linweig/article/details/5556819 flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19 ...

  6. 友盟+U-APM应用性能报告:Android崩溃率达0.32%,OPPO 、华为、VIVO 崩溃表现良好

    ​随着信息技术高速发展,移动互联几乎已成为了一种生活方式的代名词,在全民上网的数字热潮中,如何能最大程度保障产品服务的稳定性,提供良好的用户体验,是当前企业都需要思考和亟待解决的问题.App的应用性能 ...

  7. 处理器核、Core、处理器、CPU区别&&指令集架构与微架构的区别&&32位与64位指令集架构说明

    1.处理器核.Core.处理器.CPU的区别 严格来说"处理器核"和" Core "是指处理器内部最核心的部分,是真正的处理器内核:而"处理器&quo ...

  8. Windows 常用运行库下载 (DirectX、VC++、.Net Framework等)

    经常听到有朋友抱怨他的电脑运行软件或者游戏时提示缺少什么 d3dx9_xx.dll 或 msvcp71.dll.msvcr71.dll又或者是 .Net Framework 初始化之类的错误而无法正常 ...

  9. Linux学习(CentOS-7)---磁盘分区(概念、分区方法、分区方案)

    1磁盘分区相关的概念 1.1什么是磁盘 磁盘就是计算机的外部存储器设备,即将圆形的磁性盘片装在一个方的密封盒子里,这样做的目的是为了防止磁盘表面划伤,导致数据丢失.简单地讲,就是一种计算机信息载体,也 ...

随机推荐

  1. Os-hackNos-1(drupal7+suid提权)

    一.信息收集 得到 ip是 192.168.56.101 , 端口开启了22和80,扫目录发现drupal 7 访问一下呢 在exploit-db上面搜索到存在相关的漏洞,而且是用直接上msf 使用第 ...

  2. vue & arrow function error

    vue & arrow function error <template> <div class="home"> <img alt=" ...

  3. js double 精度损失 bugs

    js double 精度损失 bugs const arr = [ 0.01, 0.01, 0.01, 0.01, 0.01, 0.01, 0.01, 0.01, 0.01, 0.01 ]; // [ ...

  4. ThoughtWorks Homework

    ThoughtWorks Homework Homework 考察知识点 项目搭建 技术选型 测试 编码风格 代码质量 设计模式 数据结构 算法 架构 开源协作 CI/CD DevOps Linux ...

  5. Open API collection

    Open API collection online API https://developer.github.com/v3/ https://developer.github.com/v4 http ...

  6. scroll calendar & scroll view

    scroll calendar & scroll view https://taro-docs.jd.com/taro/docs/components/viewContainer/scroll ...

  7. Dart: 执行shell命令

    1 创建包 >stagehand console-full 2 安装插件 process_run: ^0.10.1 3 编写 bin/main.dart ... import 'package: ...

  8. 阿里面试这样问:redis 为什么把简单的字符串设计成 SDS?

    2021开工第一天,就有小伙伴私信我,还给我分享了一道他面阿里的redis题(这家伙绝比已经拿到年终奖了),我看了以后觉得挺有意思,题目很简单,是那种典型的似懂非懂,常常容易被大家忽略的问题.这里整理 ...

  9. 微信附近的人,用redis也能实现?(GEO)

    相信微信附近的人的功能大家都应该用过 我可以很随意的通过我自己的定位能看到我附近的人,并且能看到那个人距离我的距离,大家有没有思考过这个是怎么实现的? 作为一个程序猿任何问题应该都有一个思考的过程,而 ...

  10. spring扩展点整理

    本文转载自spring扩展点整理 背景 Spring的强大和灵活性不用再强调了.而灵活性就是通过一系列的扩展点来实现的,这些扩展点给应用程序提供了参与Spring容器创建的过程,好多定制化的东西都需要 ...