Last active
October 7, 2023 10:54
-
-
Save HACKE-RC/687fdae74f80a83f32e24a9b593106a8 to your computer and use it in GitHub Desktop.
The Windows TEB data structure.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct _TEB { | |
| struct _NT_TIB NtTib; | |
| void *EnvironmentPointer; | |
| struct _CLIENT_ID ClientId; | |
| void *ActiveRpcHandle; | |
| void *ThreadLocalStoragePointer; | |
| struct _PEB *ProcessEnvironmentBlock; | |
| unsigned long LastErrorValue; | |
| unsigned long CountOfOwnedCriticalSections; | |
| void *CsrClientThread; | |
| void *Win32ThreadInfo; | |
| unsigned long User32Reserved[26]; | |
| unsigned long UserReserved[5]; | |
| void *WOW32Reserved; | |
| unsigned long CurrentLocale; | |
| unsigned long FpSoftwareStatusRegister; | |
| void *ReservedForDebuggerInstrumentation[16]; | |
| void *SystemReserved1[37]; | |
| unsigned int WorkingOnBehalfTicket[8]; | |
| long ExceptionCode; | |
| unsigned int Padding0[4]; | |
| struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; | |
| unsigned int InstrumentationCallbackSp; | |
| unsigned int InstrumentationCallbackPreviousPc; | |
| unsigned int InstrumentationCallbackPreviousSp; | |
| unsigned long TxFsContext; | |
| unsigned int InstrumentationCallbackDisabled; | |
| unsigned int Padding1[3]; | |
| struct _GDI_TEB_BATCH GdiTebBatch; | |
| struct _CLIENT_ID RealClientId; | |
| void *GdiCachedProcessHandle; | |
| unsigned long GdiClientPID; | |
| unsigned long GdiClientTID; | |
| void *GdiThreadLocalInfo; | |
| unsigned int Win32ClientInfo[62]; | |
| void *glDispatchTable[233]; | |
| unsigned int glReserved1[29]; | |
| void *glReserved2; | |
| void *glSectionInfo; | |
| void *glSection; | |
| void *glTable; | |
| void *glCurrentRC; | |
| void *glContext; | |
| unsigned long LastStatusValue; | |
| unsigned int Padding2[4]; | |
| struct _UNICODE_STRING StaticUnicodeString; | |
| wchar_t StaticUnicodeBuffer[261]; | |
| unsigned int Padding3[6]; | |
| void *DeallocationStack; | |
| void *TlsSlots[64]; | |
| struct _LIST_ENTRY TlsLinks; | |
| void *Vdm; | |
| void *ReservedForNtRpc; | |
| void *DbgSsReserved[2]; | |
| unsigned long HardErrorMode; | |
| unsigned int Padding4[4]; | |
| void *Instrumentation[11]; | |
| struct _GUID ActivityId; | |
| void *SubProcessTag; | |
| void *PerflibData; | |
| void *EtwTraceData; | |
| void *WinSockData; | |
| unsigned long GdiBatchCount; | |
| struct _PROCESSOR_NUMBER CurrentIdealProcessor; | |
| unsigned long IdealProcessorValue; | |
| unsigned int ReservedPad0; | |
| unsigned int ReservedPad1; | |
| unsigned int ReservedPad2; | |
| unsigned int IdealProcessor; | |
| unsigned long GuaranteedStackBytes; | |
| unsigned int Padding5[4]; | |
| void *ReservedForPerf; | |
| void *ReservedForOle; | |
| unsigned long WaitingOnLoaderLock; | |
| unsigned int Padding6[4]; | |
| void *SavedPriorityState; | |
| unsigned int ReservedForCodeCoverage; | |
| void *ThreadPoolData; | |
| void **TlsExpansionSlots; | |
| void *DeallocationBStore; | |
| void *BStoreLimit; | |
| unsigned long MuiGeneration; | |
| unsigned long IsImpersonating; | |
| void *NlsCache; | |
| void *pShimData; | |
| unsigned int HeapVirtualAffinity; | |
| unsigned int LowFragHeapDataSlot; | |
| unsigned int Padding7[4]; | |
| void *CurrentTransactionHandle; | |
| struct _TEB_ACTIVE_FRAME *ActiveFrame; | |
| void *FlsData; | |
| void *PreferredLanguages; | |
| void *UserPrefLanguages; | |
| void *MergedPrefLanguages; | |
| unsigned long MuiImpersonation; | |
| unsigned int CrossTebFlags; | |
| unsigned int SpareCrossTebBits : 16; | |
| unsigned int SameTebFlags; | |
| unsigned int SafeThunkCall : 1; | |
| unsigned int InDebugPrint : 1; | |
| unsigned int HasFiberData : 1; | |
| unsigned int SkipThreadAttach : 1; | |
| unsigned int WerInShipAssertCode : 1; | |
| unsigned int RanProcessInit : 1; | |
| unsigned int ClonedThread : 1; | |
| unsigned int SuppressDebugMsg : 1; | |
| unsigned int DisableUserStackWalk : 1; | |
| unsigned int RtlExceptionAttached : 1; | |
| unsigned int InitialThread : 1; | |
| unsigned int SessionAware : 1; | |
| unsigned int LoadOwner : 1; | |
| unsigned int LoaderWorker : 1; | |
| unsigned int SpareSameTebBits : 2; | |
| void *TxnScopeEnterCallback; | |
| void *TxnScopeExitCallback; | |
| void *TxnScopeContext; | |
| unsigned long LockCount; | |
| long WowTebOffset; | |
| void *ResourceRetValue; | |
| void *ReservedForWdf; | |
| unsigned int ReservedForCrt; | |
| struct _GUID EffectiveContainerId; | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment