mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
452 lines
14 KiB
452 lines
14 KiB
/*++ BUILD Version: 0001 // Increment this if a change has global effects
|
|
|
|
Copyright (c) 2001 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
pebteb.w
|
|
|
|
Abstract:
|
|
|
|
Declarations of PEB and TEB, and some types contained in them.
|
|
|
|
Address the maintenance problem that resulted from PEB and TEB being
|
|
defined three times, once "native" in ntpsapi.w, and twice, 32bit and 64bit
|
|
in wow64t.w.
|
|
|
|
Author:
|
|
|
|
Jay Krell (JayKrell) April 2001
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
//
|
|
// This file is #included three times.
|
|
//
|
|
// 1) by ntpsapi.h, with no "unusual" macros defined, to declare
|
|
// PEB and TEB, and some types contained in them
|
|
// 2) by wow64t.h to declare PEB32 and TEB32, and some types contained in them
|
|
// 3) by wow64t.h to declare PEB64 and TEB64, and some types contained in them
|
|
//
|
|
// wow64t.h #defines the macro PEBTEB_BITS to guide the declarations.
|
|
//
|
|
|
|
#if defined(PEBTEB_BITS) /* This is defined by wow64t.h. */
|
|
|
|
/*
|
|
Any type that occurs in this header that changes size between 32bit and 64bit
|
|
platforms must have a #define here at the top and an #undef at the bottom.
|
|
|
|
Any type that is defined this header and changes size between 32bit and 64bit
|
|
platforms (structs with pointers), must have a #define and #undef for all
|
|
the "flavors" of name -- _FOO, FOO, PFOO, PCFOO, etc.
|
|
|
|
More "stable" types can be left manually defined three times in ntdef.w, wow64t.w, etc.
|
|
Less stable, maintenance problems, like PEB and TEB themselves, should be moved to this header.
|
|
Public types, as well, should remain in ntdef.w.
|
|
*/
|
|
|
|
#define PEBTEB_PRIVATE_PASTE(x,y) x##y
|
|
#define PEBTEB_PASTE(x,y) PEBTEB_PRIVATE_PASTE(x,y)
|
|
#if PEBTEB_BITS == 32
|
|
#define TYPE1 TYPE32(ignored)
|
|
#endif
|
|
#if PEBTEB_BITS == 64
|
|
#define TYPE1 TYPE64(ignored)
|
|
#endif
|
|
|
|
#define TYPE2(x) PEBTEB_PASTE(x, PEBTEB_BITS) /* FOO32 or FOO64 */
|
|
|
|
#define HANDLE TYPE1
|
|
#define SIZE_T TYPE1
|
|
#define PVOID TYPE1
|
|
#define PPVOID TYPE1
|
|
#define PPEB_FREE_BLOCK TYPE1
|
|
#define PPEB_LDR_DATA TYPE1
|
|
#define ULONG_PTR TYPE1
|
|
#define PPS_POST_PROCESS_INIT_ROUTINE TYPE1
|
|
#define PCSTR TYPE1
|
|
|
|
#define GDI_HANDLE_BUFFER TYPE2(GDI_HANDLE_BUFFER)
|
|
#define UNICODE_STRING TYPE2(UNICODE_STRING)
|
|
#define _PEB TYPE2(_PEB)
|
|
#define PEB TYPE2(PEB)
|
|
#define PPEB TYPE2(PPEB)
|
|
#define _TEB TYPE2(_TEB)
|
|
#define TEB TYPE2(TEB)
|
|
#define PTEB TYPE2(PTEB)
|
|
#define NT_TIB TYPE2(NT_TIB)
|
|
#define LIST_ENTRY TYPE2(LIST_ENTRY)
|
|
#define CLIENT_ID TYPE2(CLIENT_ID)
|
|
#define GDI_TEB_BATCH TYPE2(GDI_TEB_BATCH)
|
|
#define WX86THREAD TYPE2(WX86THREAD)
|
|
|
|
#define _ACTIVATION_CONTEXT_STACK TYPE2(_ACTIVATION_CONTEXT_STACK)
|
|
#define ACTIVATION_CONTEXT_STACK TYPE2(ACTIVATION_CONTEXT_STACK)
|
|
#define PACTIVATION_CONTEXT_STACK TYPE2(PACTIVATION_CONTEXT_STACK)
|
|
#define PCACTIVATION_CONTEXT_STACK TYPE2(PCACTIVATION_CONTEXT_STACK)
|
|
|
|
#define _TEB_ACTIVE_FRAME TYPE2(_TEB_ACTIVE_FRAME)
|
|
#define TEB_ACTIVE_FRAME TYPE2(TEB_ACTIVE_FRAME)
|
|
#define PTEB_ACTIVE_FRAME TYPE2(PTEB_ACTIVE_FRAME)
|
|
#define PCTEB_ACTIVE_FRAME TYPE2(PCTEB_ACTIVE_FRAME)
|
|
|
|
#define _TEB_ACTIVE_FRAME_CONTEXT TYPE2(_TEB_ACTIVE_FRAME_CONTEXT)
|
|
#define TEB_ACTIVE_FRAME_CONTEXT TYPE2(TEB_ACTIVE_FRAME_CONTEXT)
|
|
#define PTEB_ACTIVE_FRAME_CONTEXT TYPE2(PTEB_ACTIVE_FRAME_CONTEXT)
|
|
#define PCTEB_ACTIVE_FRAME_CONTEXT TYPE2(PCTEB_ACTIVE_FRAME_CONTEXT)
|
|
|
|
#define _TEB_ACTIVE_FRAME_EX TYPE2(_TEB_ACTIVE_FRAME_EX)
|
|
#define TEB_ACTIVE_FRAME_EX TYPE2(TEB_ACTIVE_FRAME_EX)
|
|
#define PTEB_ACTIVE_FRAME_EX TYPE2(PTEB_ACTIVE_FRAME_EX)
|
|
#define PCTEB_ACTIVE_FRAME_EX TYPE2(PCTEB_ACTIVE_FRAME_EX)
|
|
|
|
#define _TEB_ACTIVE_FRAME_CONTEXT_EX TYPE2(_TEB_ACTIVE_FRAME_CONTEXT_EX)
|
|
#define TEB_ACTIVE_FRAME_CONTEXT_EX TYPE2(TEB_ACTIVE_FRAME_CONTEXT_EX)
|
|
#define PTEB_ACTIVE_FRAME_CONTEXT_EX TYPE2(PTEB_ACTIVE_FRAME_CONTEXT_EX)
|
|
#define PCTEB_ACTIVE_FRAME_CONTEXT_EX TYPE2(PCTEB_ACTIVE_FRAME_CONTEXT_EX)
|
|
|
|
#define _ACTIVATION_CONTEXT_STACK_PERF_COUNTERS TYPE2(_ACTIVATION_CONTEXT_STACK_PERF_COUNTERS)
|
|
#define ACTIVATION_CONTEXT_STACK_PERF_COUNTERS TYPE2(ACTIVATION_CONTEXT_STACK_PERF_COUNTERS)
|
|
#define PACTIVATION_CONTEXT_STACK_PERF_COUNTERS TYPE2(PACTIVATION_CONTEXT_STACK_PERF_COUNTERS)
|
|
#define PCACTIVATION_CONTEXT_STACK_PERF_COUNTERS TYPE2(PCACTIVATION_CONTEXT_STACK_PERF_COUNTERS)
|
|
|
|
#define TYPE3(x) TYPE1
|
|
|
|
#else
|
|
|
|
#define TYPE3(x) x
|
|
|
|
#endif
|
|
|
|
typedef struct _PEB {
|
|
BOOLEAN InheritedAddressSpace; // These four fields cannot change unless the
|
|
BOOLEAN ReadImageFileExecOptions; //
|
|
BOOLEAN BeingDebugged; //
|
|
BOOLEAN SpareBool; //
|
|
HANDLE Mutant; // INITIAL_PEB structure is also updated.
|
|
|
|
PVOID ImageBaseAddress;
|
|
PPEB_LDR_DATA Ldr;
|
|
TYPE3(struct _RTL_USER_PROCESS_PARAMETERS*) ProcessParameters;
|
|
PVOID SubSystemData;
|
|
PVOID ProcessHeap;
|
|
TYPE3(struct _RTL_CRITICAL_SECTION*) FastPebLock;
|
|
PVOID FastPebLockRoutine;
|
|
PVOID FastPebUnlockRoutine;
|
|
ULONG EnvironmentUpdateCount;
|
|
PVOID KernelCallbackTable;
|
|
ULONG SystemReserved[1];
|
|
|
|
struct {
|
|
ULONG ExecuteOptions : 2;
|
|
ULONG SpareBits : 30;
|
|
};
|
|
|
|
|
|
PPEB_FREE_BLOCK FreeList;
|
|
ULONG TlsExpansionCounter;
|
|
PVOID TlsBitmap;
|
|
ULONG TlsBitmapBits[2]; // TLS_MINIMUM_AVAILABLE bits
|
|
PVOID ReadOnlySharedMemoryBase;
|
|
PVOID ReadOnlySharedMemoryHeap;
|
|
PPVOID ReadOnlyStaticServerData;
|
|
PVOID AnsiCodePageData;
|
|
PVOID OemCodePageData;
|
|
PVOID UnicodeCaseTableData;
|
|
|
|
//
|
|
// Useful information for LdrpInitialize
|
|
ULONG NumberOfProcessors;
|
|
ULONG NtGlobalFlag;
|
|
|
|
//
|
|
// Passed up from MmCreatePeb from Session Manager registry key
|
|
//
|
|
|
|
LARGE_INTEGER CriticalSectionTimeout;
|
|
SIZE_T HeapSegmentReserve;
|
|
SIZE_T HeapSegmentCommit;
|
|
SIZE_T HeapDeCommitTotalFreeThreshold;
|
|
SIZE_T HeapDeCommitFreeBlockThreshold;
|
|
|
|
//
|
|
// Where heap manager keeps track of all heaps created for a process
|
|
// Fields initialized by MmCreatePeb. ProcessHeaps is initialized
|
|
// to point to the first free byte after the PEB and MaximumNumberOfHeaps
|
|
// is computed from the page size used to hold the PEB, less the fixed
|
|
// size of this data structure.
|
|
//
|
|
|
|
ULONG NumberOfHeaps;
|
|
ULONG MaximumNumberOfHeaps;
|
|
PPVOID ProcessHeaps;
|
|
|
|
//
|
|
//
|
|
PVOID GdiSharedHandleTable;
|
|
PVOID ProcessStarterHelper;
|
|
ULONG GdiDCAttributeList;
|
|
PVOID LoaderLock;
|
|
|
|
//
|
|
// Following fields filled in by MmCreatePeb from system values and/or
|
|
// image header.
|
|
//
|
|
|
|
ULONG OSMajorVersion;
|
|
ULONG OSMinorVersion;
|
|
USHORT OSBuildNumber;
|
|
USHORT OSCSDVersion;
|
|
ULONG OSPlatformId;
|
|
ULONG ImageSubsystem;
|
|
ULONG ImageSubsystemMajorVersion;
|
|
ULONG ImageSubsystemMinorVersion;
|
|
ULONG_PTR ImageProcessAffinityMask;
|
|
GDI_HANDLE_BUFFER GdiHandleBuffer;
|
|
PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
|
|
|
|
PVOID TlsExpansionBitmap;
|
|
ULONG TlsExpansionBitmapBits[32]; // TLS_EXPANSION_SLOTS bits
|
|
|
|
//
|
|
// Id of the Hydra session in which this process is running
|
|
//
|
|
ULONG SessionId;
|
|
|
|
//
|
|
// Filled in by LdrpInstallAppcompatBackend
|
|
//
|
|
ULARGE_INTEGER AppCompatFlags;
|
|
|
|
//
|
|
// ntuser appcompat flags
|
|
//
|
|
ULARGE_INTEGER AppCompatFlagsUser;
|
|
|
|
//
|
|
// Filled in by LdrpInstallAppcompatBackend
|
|
//
|
|
PVOID pShimData;
|
|
|
|
//
|
|
// Filled in by LdrQueryImageFileExecutionOptions
|
|
//
|
|
PVOID AppCompatInfo;
|
|
|
|
//
|
|
// Used by GetVersionExW as the szCSDVersion string
|
|
//
|
|
UNICODE_STRING CSDVersion;
|
|
|
|
//
|
|
// Fusion stuff
|
|
//
|
|
PVOID ActivationContextData;
|
|
PVOID ProcessAssemblyStorageMap;
|
|
PVOID SystemDefaultActivationContextData;
|
|
PVOID SystemAssemblyStorageMap;
|
|
|
|
//
|
|
// Enforced minimum initial commit stack
|
|
//
|
|
SIZE_T MinimumStackCommit;
|
|
|
|
} PEB, *PPEB;
|
|
|
|
//
|
|
// Fusion/sxs thread state information
|
|
//
|
|
|
|
#define ACTIVATION_CONTEXT_STACK_FLAG_QUERIES_DISABLED (0x00000001)
|
|
|
|
typedef struct _ACTIVATION_CONTEXT_STACK {
|
|
ULONG Flags;
|
|
ULONG NextCookieSequenceNumber;
|
|
PVOID ActiveFrame;
|
|
LIST_ENTRY FrameListCache;
|
|
|
|
#if NT_SXS_PERF_COUNTERS_ENABLED
|
|
struct _ACTIVATION_CONTEXT_STACK_PERF_COUNTERS {
|
|
ULONGLONG Activations;
|
|
ULONGLONG ActivationCycles;
|
|
ULONGLONG Deactivations;
|
|
ULONGLONG DeactivationCycles;
|
|
} Counters;
|
|
#endif // NT_SXS_PERF_COUNTERS_ENABLED
|
|
} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
|
|
|
|
typedef const ACTIVATION_CONTEXT_STACK *PCACTIVATION_CONTEXT_STACK;
|
|
|
|
#define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED (0x00000001)
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME_CONTEXT {
|
|
ULONG Flags;
|
|
PCSTR FrameName;
|
|
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
|
|
|
|
typedef const struct _TEB_ACTIVE_FRAME_CONTEXT *PCTEB_ACTIVE_FRAME_CONTEXT;
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX {
|
|
TEB_ACTIVE_FRAME_CONTEXT BasicContext;
|
|
PCSTR SourceLocation; // e.g. "Z:\foo\bar\baz.c"
|
|
} TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
|
|
|
|
typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX *PCTEB_ACTIVE_FRAME_CONTEXT_EX;
|
|
|
|
#define TEB_ACTIVE_FRAME_FLAG_EXTENDED (0x00000001)
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME {
|
|
ULONG Flags;
|
|
TYPE3(struct _TEB_ACTIVE_FRAME*) Previous;
|
|
PCTEB_ACTIVE_FRAME_CONTEXT Context;
|
|
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
|
|
|
|
typedef const struct _TEB_ACTIVE_FRAME *PCTEB_ACTIVE_FRAME;
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME_EX {
|
|
TEB_ACTIVE_FRAME BasicFrame;
|
|
PVOID ExtensionIdentifier; // use address of your DLL Main or something unique to your mapping in the address space
|
|
} TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
|
|
|
|
typedef const struct _TEB_ACTIVE_FRAME_EX *PCTEB_ACTIVE_FRAME_EX;
|
|
|
|
typedef struct _TEB {
|
|
NT_TIB NtTib;
|
|
PVOID EnvironmentPointer;
|
|
CLIENT_ID ClientId;
|
|
PVOID ActiveRpcHandle;
|
|
PVOID ThreadLocalStoragePointer;
|
|
#if defined(PEBTEB_BITS)
|
|
PVOID ProcessEnvironmentBlock;
|
|
#else
|
|
PPEB ProcessEnvironmentBlock;
|
|
#endif
|
|
ULONG LastErrorValue;
|
|
ULONG CountOfOwnedCriticalSections;
|
|
PVOID CsrClientThread;
|
|
PVOID Win32ThreadInfo; // PtiCurrent
|
|
ULONG User32Reserved[26]; // user32.dll items
|
|
ULONG UserReserved[5]; // Winsrv SwitchStack
|
|
PVOID WOW32Reserved; // used by WOW
|
|
LCID CurrentLocale;
|
|
ULONG FpSoftwareStatusRegister; // offset known by outsiders!
|
|
PVOID SystemReserved1[54]; // Used by FP emulator
|
|
NTSTATUS ExceptionCode; // for RaiseUserException
|
|
ACTIVATION_CONTEXT_STACK ActivationContextStack; // Fusion activation stack
|
|
// sizeof(PVOID) is a way to express processor-dependence, more generally than #ifdef _WIN64
|
|
UCHAR SpareBytes1[48 - sizeof(PVOID) - sizeof(ACTIVATION_CONTEXT_STACK)];
|
|
GDI_TEB_BATCH GdiTebBatch; // Gdi batching
|
|
CLIENT_ID RealClientId;
|
|
HANDLE GdiCachedProcessHandle;
|
|
ULONG GdiClientPID;
|
|
ULONG GdiClientTID;
|
|
PVOID GdiThreadLocalInfo;
|
|
ULONG_PTR Win32ClientInfo[WIN32_CLIENT_INFO_LENGTH]; // User32 Client Info
|
|
PVOID glDispatchTable[233]; // OpenGL
|
|
ULONG_PTR glReserved1[29]; // OpenGL
|
|
PVOID glReserved2; // OpenGL
|
|
PVOID glSectionInfo; // OpenGL
|
|
PVOID glSection; // OpenGL
|
|
PVOID glTable; // OpenGL
|
|
PVOID glCurrentRC; // OpenGL
|
|
PVOID glContext; // OpenGL
|
|
ULONG LastStatusValue;
|
|
UNICODE_STRING StaticUnicodeString;
|
|
WCHAR StaticUnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH];
|
|
PVOID DeallocationStack;
|
|
PVOID TlsSlots[TLS_MINIMUM_AVAILABLE];
|
|
LIST_ENTRY TlsLinks;
|
|
PVOID Vdm;
|
|
PVOID ReservedForNtRpc;
|
|
PVOID DbgSsReserved[2];
|
|
ULONG HardErrorsAreDisabled;
|
|
PVOID Instrumentation[16];
|
|
PVOID WinSockData; // WinSock
|
|
ULONG GdiBatchCount;
|
|
BOOLEAN InDbgPrint;
|
|
BOOLEAN FreeStackOnTermination;
|
|
BOOLEAN HasFiberData;
|
|
BOOLEAN IdealProcessor;
|
|
ULONG Spare3;
|
|
PVOID ReservedForPerf;
|
|
PVOID ReservedForOle;
|
|
ULONG WaitingOnLoaderLock;
|
|
WX86THREAD Wx86Thread;
|
|
PPVOID TlsExpansionSlots;
|
|
#if (defined(_IA64_) && !defined(PEBTEB_BITS)) \
|
|
|| ((defined(_IA64_) || defined(_X86_)) && defined(PEBTEB_BITS) && PEBTEB_BITS == 64)
|
|
//
|
|
// These are in the native ia64 TEB, and the TEB64 for ia64 and x86.
|
|
//
|
|
PVOID DeallocationBStore;
|
|
PVOID BStoreLimit;
|
|
#endif
|
|
LCID ImpersonationLocale; // Current locale of impersonated user
|
|
ULONG IsImpersonating; // Thread impersonation status
|
|
PVOID NlsCache; // NLS thread cache
|
|
PVOID pShimData; // Per thread data used in the shim
|
|
ULONG HeapVirtualAffinity;
|
|
HANDLE CurrentTransactionHandle;// reserved for TxF transaction context
|
|
PTEB_ACTIVE_FRAME ActiveFrame;
|
|
} TEB;
|
|
typedef TEB *PTEB;
|
|
|
|
|
|
#undef TYPE3
|
|
|
|
#if defined(PEBTEB_BITS)
|
|
|
|
#undef PEBTEB_PRIVATE_PASTE
|
|
#undef PEBTEB_PASTE
|
|
#undef TYPE1
|
|
#undef TYPE2
|
|
|
|
#undef PCSTR
|
|
#undef HANDLE
|
|
#undef SIZE_T
|
|
#undef PVOID
|
|
#undef PPVOID
|
|
#undef PPEB_FREE_BLOCK
|
|
#undef PPEB_LDR_DATA
|
|
#undef ULONG_PTR
|
|
#undef PPS_POST_PROCESS_INIT_ROUTINE
|
|
#undef WX86THREAD
|
|
#undef GDI_HANDLE_BUFFER
|
|
#undef UNICODE_STRING
|
|
#undef _PEB
|
|
#undef PEB
|
|
#undef PPEB
|
|
#undef _TEB
|
|
#undef TEB
|
|
#undef PTEB
|
|
#undef NT_TIB
|
|
#undef LIST_ENTRY
|
|
#undef CLIENT_ID
|
|
#undef GDI_TEB_BATCH
|
|
#undef _ACTIVATION_CONTEXT_STACK
|
|
#undef ACTIVATION_CONTEXT_STACK
|
|
#undef PACTIVATION_CONTEXT_STACK
|
|
#undef PCACTIVATION_CONTEXT_STACK
|
|
#undef _TEB_ACTIVE_FRAME
|
|
#undef TEB_ACTIVE_FRAME
|
|
#undef PTEB_ACTIVE_FRAME
|
|
#undef PCTEB_ACTIVE_FRAME
|
|
#undef _TEB_ACTIVE_FRAME_CONTEXT
|
|
#undef TEB_ACTIVE_FRAME_CONTEXT
|
|
#undef PTEB_ACTIVE_FRAME_CONTEXT
|
|
#undef PCTEB_ACTIVE_FRAME_CONTEXT
|
|
#undef _TEB_ACTIVE_FRAME_EX
|
|
#undef TEB_ACTIVE_FRAME_EX
|
|
#undef PTEB_ACTIVE_FRAME_EX
|
|
#undef PCTEB_ACTIVE_FRAME_EX
|
|
#undef _TEB_ACTIVE_FRAME_CONTEXT_EX
|
|
#undef TEB_ACTIVE_FRAME_CONTEXT_EX
|
|
#undef PTEB_ACTIVE_FRAME_CONTEXT_EX
|
|
#undef PCTEB_ACTIVE_FRAME_CONTEXT_EX
|
|
#undef _ACTIVATION_CONTEXT_STACK_PERF_COUNTERS
|
|
#undef ACTIVATION_CONTEXT_STACK_PERF_COUNTERS
|
|
#undef PACTIVATION_CONTEXT_STACK_PERF_COUNTERS
|
|
#undef PCACTIVATION_CONTEXT_STACK_PERF_COUNTERS
|
|
#endif
|