유용한 지식 자료들/기타
TEB structure
아리스리
2012. 8. 9. 10:15
TEB structure
03.// Instead of using the Tls fields, use the Win32 TLS APIs 04.// TlsAlloc, TlsGetValue, TlsSetValue, TlsFree 05.// 06.// Instead of using the ReservedForOle field, use the COM API 07.// CoGetContextToken 08.// 09.typedef struct _TEB { 10. union { 11. struct { 12. BYTE Reserved1[1952]; 13. PVOID Reserved2[412]; 14. PVOID TlsSlots[64]; 15. BYTE Reserved3[8]; 16. PVOID Reserved4[26]; 17. PVOID ReservedForOle; // Windows 2000 only 18. PVOID Reserved5[4]; 19. PVOID TlsExpansionSlots; 20. }; 21. struct { 22. NT_TIB Tib; /* 000 */23. PVOID EnvironmentPointer; /* 01c */24. CLIENT_ID ClientId; /* 020 */25. PVOID ActiveRpcHandle; /* 028 */26. PVOID ThreadLocalStoragePointer; /* 02c */27. PPEB Peb; /* 030 */28. ULONG LastErrorValue; /* 034 */29. ULONG CountOfOwnedCriticalSections;/* 038 */30. PVOID CsrClientThread; /* 03c */31. PVOID Win32ThreadInfo; /* 040 */32. ULONG Win32ClientInfo[31]; /* 044 used for user32 private data in Wine */33. PVOID WOW32Reserved; /* 0c0 */34. ULONG CurrentLocale; /* 0c4 */35. ULONG FpSoftwareStatusRegister; /* 0c8 */36. PVOID SystemReserved1[54]; /* 0cc used for kernel32 private data in Wine */37. LONG ExceptionCode; /* 1a4 */38. ACTIVATION_CONTEXT_STACK ActivationContextStack; /* 1a8 */39. BYTE SpareBytes1[24]; /* 1bc used for ntdll private data in Wine */40. PVOID SystemReserved2[10]; /* 1d4 used for ntdll private data in Wine */41. GDI_TEB_BATCH GdiTebBatch; /* 1fc used for vm86 private data in Wine */42. ULONG gdiRgn; /* 6dc */43. ULONG gdiPen; /* 6e0 */44. ULONG gdiBrush; /* 6e4 */45. CLIENT_ID RealClientId; /* 6e8 */46. HANDLE GdiCachedProcessHandle; /* 6f0 */47. ULONG GdiClientPID; /* 6f4 */48. ULONG GdiClientTID; /* 6f8 */49. PVOID GdiThreadLocaleInfo; /* 6fc */50. PVOID UserReserved[5]; /* 700 */51. PVOID glDispachTable[280]; /* 714 */52. ULONG glReserved1[26]; /* b74 */53. PVOID glReserved2; /* bdc */54. PVOID glSectionInfo; /* be0 */55. PVOID glSection; /* be4 */56. PVOID glTable; /* be8 */57. PVOID glCurrentRC; /* bec */58. PVOID glContext; /* bf0 */59. ULONG LastStatusValue; /* bf4 */60. UNICODE_STRING StaticUnicodeString; /* bf8 used by advapi32 */61. WCHAR StaticUnicodeBuffer[261]; /* c00 used by advapi32 */62. PVOID DeallocationStack; /* e0c */63. PVOID TlsSlots_[64]; /* e10 */64. LIST_ENTRY TlsLinks; /* f10 */65. PVOID Vdm; /* f18 */66. PVOID ReservedForNtRpc; /* f1c */67. PVOID DbgSsReserved[2]; /* f20 */68. ULONG HardErrorDisabled; /* f28 */69. PVOID Instrumentation[16]; /* f2c */70. PVOID WinSockData; /* f6c */71. ULONG GdiBatchCount; /* f70 */72. ULONG Spare2; /* f74 */73. ULONG Spare3; /* f78 */74. ULONG Spare4; /* f7c */75. PVOID ReservedForOle_; /* f80 */76. ULONG WaitingOnLoaderLock; /* f84 */77. PVOID Reserved5_[3]; /* f88 */78. PVOID *TlsExpansionSlots_; /* f94 */79. ULONG ImpersonationLocale; /* f98 */80. ULONG IsImpersonating; /* f9c */81. PVOID NlsCache; /* fa0 */82. PVOID ShimData; /* fa4 */83. ULONG HeapVirtualAffinity; /* fa8 */84. PVOID CurrentTransactionHandle; /* fac */85. PVOID ActiveFrame; /* fb0 */86. PVOID *FlsSlots; /* fb4 */87. struct _TEB *self; 88. }; 89. }; 90.} TEB; 91.typedef TEB *PTEB;