TEB-Thread-Environment-Block

From aldeid
Jump to navigation Jump to search

Description

The Thread Environment Block (TEB) structure describes the state of a thread. It is accessible from the FS segment register.

Syntax

struct _TEB {
    0x000 _NT_TIB NtTib;
    0x01c void* EnvironmentPointer;
    0x020 _CLIENT_ID ClientId;
    0x028 void* ActiveRpcHandle;
    0x02c void* ThreadLocalStoragePointer;
    0x030 _PEB* ProcessEnvironmentBlock;  /* In WinNT (incl. Win 2K, XP, and Vista), the most significant bit of the PEB pointer is typically never set, because high memory addresses are reserved for the OS. */
    0x034 DWORD LastErrorValue;
    0x038 DWORD CountOfOwnedCriticalSections;
    0x03c void* CsrClientThread;
    0x040 void* Win32ThreadInfo;
    0x044 DWORD User32Reserved[26];
    0x0ac DWORD UserReserved[5];
    0x0c0 void* WOW32Reserved;
    0x0c4 DWORD CurrentLocale;
    0x0c8 DWORD FpSoftwareStatusRegister;
    0x0cc void* SystemReserved1[54];
    0x1a4 int ExceptionCode;
    0x1a8 _ACTIVATION_CONTEXT_STACK ActivationContextStack;
    0x1bc DWORD SpareBytes1[24];
    0x1d4 _GDI_TEB_BATCH GdiTebBatch;
    0x6b4 _CLIENT_ID RealClientId;
    0x6bc void* GdiCachedProcessHandle;
    0x6c0 DWORD GdiClientPID;
    0x6c4 DWORD GdiClientTID;
    0x6c8 void* GdiThreadLocalInfo;
    0x6cc DWORD Win32ClientInfo[62];
    0x7c4 void* glDispatchTable[233];
    0xb68 DWORD glReserved1[29];
    0xbdc void* glReserved2;
    0xbe0 void* glSectionInfo;
    0xbe4 void* glSection;
    0xbe8 void* glTable;
    0xbec void* glCurrentRC;
    0xbf0 void* glContext;
    0xbf4 DWORD LastStatusValue;
    0xbf8 _UNICODE_STRING StaticUnicodeString;
    0xc00 WORD StaticUnicodeBuffer[261];
    0xe0c void* DeallocationStack;
    0xe10 void* TlsSlots[64];
    0xf10 _LIST_ENTRY TlsLinks;
    0xf18 void* Vdm;
    0xf1c void* ReservedForNtRpc;
    0xf20 void* DbgSsReserved[2];
    0xf28 DWORD HardErrorsAreDisabled;
    0xf2c void* Instrumentation[16];
    0xf6c void* WinSockData;
    0xf70 DWORD GdiBatchCount;
    0xf74 UChar InDbgPrint;
    0xf75 UChar FreeStackOnTermination;
    0xf76 UChar HasFiberData;
    0xf77 UChar IdealProcessor;
    0xf78 DWORD Spare3;
    0xf7c void* ReservedForPerf;
    0xf80 void* ReservedForOle;
    0xf84 DWORD WaitingOnLoaderLock;
    0xf88 _Wx86ThreadState Wx86Thread;
    0xf94 void** TlsExpansionSlots;
    0xf98 DWORD ImpersonationLocale;
    0xf9c DWORD IsImpersonating;
    0xfa0 void* NlsCache;
    0xfa4 void* pShimData;
    0xfa8 DWORD HeapVirtualAffinity;
    0xfac void* CurrentTransactionHandle;
    0xfb0 _TEB_ACTIVE_FRAME* ActiveFrame;
};
Retrieved from "https://www.aldeid.com/w/index.php?title=TEB-Thread-Environment-Block&oldid=29236"