TEB

struct TEB

typedef struct _TEB

{

     NT_TIB NtTib;

     PVOID EnvironmentPointer;

     CLIENT_ID ClientId;

     PVOID ActiveRpcHandle;

     PVOID ThreadLocalStoragePointer;

     PPEB ProcessEnvironmentBlock;

     ULONG LastErrorValue;

     ULONG CountOfOwnedCriticalSections;

     PVOID CsrClientThread;

     PVOID Win32ThreadInfo;

     ULONG User32Reserved[26];

     ULONG UserReserved[5];

     PVOID WOW32Reserved;

     ULONG CurrentLocale;

     ULONG FpSoftwareStatusRegister;

     VOID * SystemReserved1[54];

     LONG ExceptionCode;

     PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;

     UCHAR SpareBytes1[36];

     ULONG TxFsContext;

     GDI_TEB_BATCH GdiTebBatch;

     CLIENT_ID RealClientId;

     PVOID GdiCachedProcessHandle;

     ULONG GdiClientPID;

     ULONG GdiClientTID;

     PVOID GdiThreadLocalInfo;

     ULONG Win32ClientInfo[62];

     VOID * glDispatchTable[233];

     ULONG glReserved1[29];

     PVOID glReserved2;

     PVOID glSectionInfo;

     PVOID glSection;

     PVOID glTable;

     PVOID glCurrentRC;

     PVOID glContext;

     ULONG LastStatusValue;

     UNICODE_STRING StaticUnicodeString;

     WCHAR StaticUnicodeBuffer[261];

     PVOID DeallocationStack;

     VOID * TlsSlots[64];

     LIST_ENTRY TlsLinks;

     PVOID Vdm;

     PVOID ReservedForNtRpc;

     VOID * DbgSsReserved[2];

     ULONG HardErrorMode;

     VOID * Instrumentation[9];

     GUID ActivityId;

     PVOID SubProcessTag;

     PVOID EtwLocalData;

     PVOID EtwTraceData;

     PVOID WinSockData;

     ULONG GdiBatchCount;

     UCHAR SpareBool0;

     UCHAR SpareBool1;

     UCHAR SpareBool2;

     UCHAR IdealProcessor;

     ULONG GuaranteedStackBytes;

     PVOID ReservedForPerf;

     PVOID ReservedForOle;

     ULONG WaitingOnLoaderLock;

     PVOID SavedPriorityState;

     ULONG SoftPatchPtr1;

     PVOID ThreadPoolData;

     VOID * * TlsExpansionSlots;

     ULONG ImpersonationLocale;

     ULONG IsImpersonating;

     PVOID NlsCache;

     PVOID pShimData;

     ULONG HeapVirtualAffinity;

     PVOID CurrentTransactionHandle;

     PTEB_ACTIVE_FRAME ActiveFrame;

     PVOID FlsData;

     PVOID PreferredLanguages;

     PVOID UserPrefLanguages;

     PVOID MergedPrefLanguages;

     ULONG MuiImpersonation;

     WORD CrossTebFlags;

     ULONG SpareCrossTebBits: 16;

     WORD SameTebFlags;

     ULONG DbgSafeThunkCall: 1;

     ULONG DbgInDebugPrint: 1;

     ULONG DbgHasFiberData: 1;

     ULONG DbgSkipThreadAttach: 1;

     ULONG DbgWerInShipAssertCode: 1;

     ULONG DbgRanProcessInit: 1;

     ULONG DbgClonedThread: 1;

     ULONG DbgSuppressDebugMsg: 1;

     ULONG SpareSameTebBits: 8;

     PVOID TxnScopeEnterCallback;

     PVOID TxnScopeExitCallback;

     PVOID TxnScopeContext;

     ULONG LockCount;

     ULONG ProcessRundown;

     UINT64 LastSwitchTime;

     UINT64 TotalSwitchOutTime;

     LARGE_INTEGER WaitReasonBitMap;

} TEB, *PTEB;

TIB

typedef struct _NT_TIB

{

     PEXCEPTION_REGISTRATION_RECORD ExceptionList;

     PVOID StackBase;

     PVOID StackLimit;

     PVOID SubSystemTib;

     union

     {

          PVOID FiberData;

          ULONG Version;

     };

     PVOID ArbitraryUserPointer;

     PNT_TIB Self;

} NT_TIB, *PNT_TIB;

PEB

typedef struct _PEB

{

     UCHAR InheritedAddressSpace;

     UCHAR ReadImageFileExecOptions;

     UCHAR BeingDebugged;

     UCHAR BitField;

     ULONG ImageUsesLargePages: 1;

     ULONG IsProtectedProcess: 1;

     ULONG IsLegacyProcess: 1;

     ULONG IsImageDynamicallyRelocated: 1;

     ULONG SpareBits: 4;

     PVOID Mutant;

     PVOID ImageBaseAddress;

     PPEB_LDR_DATA Ldr;

     PRTL_USER_PROCESS_PARAMETERS ProcessParameters;

     PVOID SubSystemData;

     PVOID ProcessHeap;

     PRTL_CRITICAL_SECTION FastPebLock;

     PVOID AtlThunkSListPtr;

     PVOID IFEOKey;

     ULONG CrossProcessFlags;

     ULONG ProcessInJob: 1;

     ULONG ProcessInitializing: 1;

     ULONG ReservedBits0: 30;

     union

     {

          PVOID KernelCallbackTable;

          PVOID UserSharedInfoPtr;

     };

     ULONG SystemReserved[1];

     ULONG SpareUlong;

     PPEB_FREE_BLOCK FreeList;

     ULONG TlsExpansionCounter;

     PVOID TlsBitmap;

     ULONG TlsBitmapBits[2];

     PVOID ReadOnlySharedMemoryBase;

     PVOID HotpatchInformation;

     VOID * * ReadOnlyStaticServerData;

     PVOID AnsiCodePageData;

     PVOID OemCodePageData;

     PVOID UnicodeCaseTableData;

     ULONG NumberOfProcessors;

     ULONG NtGlobalFlag;

     LARGE_INTEGER CriticalSectionTimeout;

     ULONG HeapSegmentReserve;

     ULONG HeapSegmentCommit;

     ULONG HeapDeCommitTotalFreeThreshold;

     ULONG HeapDeCommitFreeBlockThreshold;

     ULONG NumberOfHeaps;

     ULONG MaximumNumberOfHeaps;

     VOID * * ProcessHeaps;

     PVOID GdiSharedHandleTable;

     PVOID ProcessStarterHelper;

     ULONG GdiDCAttributeList;

     PRTL_CRITICAL_SECTION LoaderLock;

     ULONG OSMajorVersion;

     ULONG OSMinorVersion;

     WORD OSBuildNumber;

     WORD OSCSDVersion;

     ULONG OSPlatformId;

     ULONG ImageSubsystem;

     ULONG ImageSubsystemMajorVersion;

     ULONG ImageSubsystemMinorVersion;

     ULONG ImageProcessAffinityMask;

     ULONG GdiHandleBuffer[34];

     PVOID PostProcessInitRoutine;

     PVOID TlsExpansionBitmap;

     ULONG TlsExpansionBitmapBits[32];

     ULONG SessionId;

     ULARGE_INTEGER AppCompatFlags;

     ULARGE_INTEGER AppCompatFlagsUser;

     PVOID pShimData;

     PVOID AppCompatInfo;

     UNICODE_STRING CSDVersion;

     _ACTIVATION_CONTEXT_DATA * ActivationContextData;

     _ASSEMBLY_STORAGE_MAP * ProcessAssemblyStorageMap;

     _ACTIVATION_CONTEXT_DATA * SystemDefaultActivationContextData;

     _ASSEMBLY_STORAGE_MAP * SystemAssemblyStorageMap;

     ULONG MinimumStackCommit;

     _FLS_CALLBACK_INFO * FlsCallback;

     LIST_ENTRY FlsListHead;

     PVOID FlsBitmap;

     ULONG FlsBitmapBits[4];

     ULONG FlsHighIndex;

     PVOID WerRegistrationData;

     PVOID WerShipAssertPtr;

} PEB, *PPEB;

http://www.nirsoft.net/kernel_struct/vista/TEB.html

Windows Vista Kernel Structures

TEB 、TIB、PEB--Vista 32的更多相关文章

  1. 外设位宽为8、16、32时,CPU与外设之间地址线的连接方法

    有不少人问到:flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19),处理器的地址线要(A1-A20)左移偏1位.为什么要偏1位? (全文有点晦涩,建议收藏本文对 ...

  2. VC9、VC11、VC14、VC15库 32位 64位 免费下载

    VC9.VC11.VC14.VC15库 32位 64位 免费下载 更新版本的PHP是用VC11,VC14或VC15(分别为Visual Studio 2012,2015或2017编译器)构建的,并且包 ...

  3. Ansi、GB2312、GBK、Unicode(utf8、16、32)

    关于ansi,一般默认为本地编码方式,中文应该是gb编码 他们之间的关系在这边文章里描写的很清楚:http://blog.csdn.net/ldanduo/article/details/820353 ...

  4. 32位和64位系统下 int、char、long、double所占的内存

    32位和64位系统下 int.char.long.double所占内存

  5. FLASH位宽为8、16、32时,CPU与外设之间地址线的连接方法

    转 http://blog.csdn.net/linweig/article/details/5556819 flash连接CPU时,根据不同的数据宽度,比如16位的NOR FLASH (A0-A19 ...

  6. 友盟+U-APM应用性能报告:Android崩溃率达0.32%,OPPO 、华为、VIVO 崩溃表现良好

    ​随着信息技术高速发展,移动互联几乎已成为了一种生活方式的代名词,在全民上网的数字热潮中,如何能最大程度保障产品服务的稳定性,提供良好的用户体验,是当前企业都需要思考和亟待解决的问题.App的应用性能 ...

  7. 处理器核、Core、处理器、CPU区别&&指令集架构与微架构的区别&&32位与64位指令集架构说明

    1.处理器核.Core.处理器.CPU的区别 严格来说"处理器核"和" Core "是指处理器内部最核心的部分,是真正的处理器内核:而"处理器&quo ...

  8. Windows 常用运行库下载 (DirectX、VC++、.Net Framework等)

    经常听到有朋友抱怨他的电脑运行软件或者游戏时提示缺少什么 d3dx9_xx.dll 或 msvcp71.dll.msvcr71.dll又或者是 .Net Framework 初始化之类的错误而无法正常 ...

  9. Linux学习(CentOS-7)---磁盘分区(概念、分区方法、分区方案)

    1磁盘分区相关的概念 1.1什么是磁盘 磁盘就是计算机的外部存储器设备,即将圆形的磁性盘片装在一个方的密封盒子里,这样做的目的是为了防止磁盘表面划伤,导致数据丢失.简单地讲,就是一种计算机信息载体,也 ...

随机推荐

  1. ARM汇编指令-STMFD/LDMFD

    根据调用规则ATPCS,程序一般都使用FD(FullDescending)类型的数据栈(满栈),那么对立的就由空栈类型的数据栈.空栈是指SP操作完后指向的地址空间是未使用的,反之满栈就是SP指向的地址 ...

  2. 014.NET5_MVC_Razor扩展Html控件02

    第二种方法: 通过一个后台方法,返回一个不存在的html标签字符串,在读取的时候,通过后台方法去渲染成需要的标签和内容: 1. 定义一个普通类,类名称建议以TagHelper结尾,并且给类添加特性[H ...

  3. R语言学习2:绘图

    本系列是一个新的系列,在此系列中,我将和大家共同学习R语言.由于我对R语言的了解也甚少,所以本系列更多以一个学习者的视角来完成. 参考教材:<R语言实战>第二版(Robert I.Kaba ...

  4. SwiftUI & MVVM

    SwiftUI & MVVM design paradigm / 设计模式 MVVM Model View ViewModel MVVM Architecture 架构 MVC Model V ...

  5. angular-2-tutorial-2017

    # angular-2-tutorial-2017https://www.sitepoint.com/understanding-component-architecture-angular/http ...

  6. PWA & Service Workers 版本更新 bug

    PWA & Service Workers 版本更新 bug PWA & Service Worker https://developer.mozilla.org/zh-CN/docs ...

  7. Android 之 EditText

    1.使用EditText 的SetInput的方法设置输入类型: 1 //输入类型为没有指定明确的类型的特殊内容类型 2 editText.setInputType(InputType.TYPE_NU ...

  8. Java HashMap源码分析(含散列表、红黑树、扰动函数等重点问题分析)

    写在最前面 这个项目是从20年末就立好的 flag,经过几年的学习,回过头再去看很多知识点又有新的理解.所以趁着找实习的准备,结合以前的学习储备,创建一个主要针对应届生和初学者的 Java 开源知识项 ...

  9. 必知必会之 Java

    必知必会之 Java 目录 不定期更新中-- 基础知识 数据计量单位 面向对象三大特性 基础数据类型 注释格式 访问修饰符 运算符 算数运算符 关系运算符 位运算符 逻辑运算符 赋值运算符 三目表达式 ...

  10. RabbitMQ(一)安装篇

    1. RabbitMQ 的介绍➢ 什么是 MQ?MQ 全称为 Message Queue, 消息队列(MQ)是一种应用程序对应用程序的通信方法.➢ 要解决什么样的问题?在项目中,将一些无需即时返回且耗 ...