  • FS寄存器

    FS寄存器指向当前活动线程的TEB结构(线程结构)
    偏移  说明
    000  指向SEH链指针
    004  线程堆栈顶部
    008  线程堆栈底部
    00C  SubSystemTib
    010  FiberData
    014  ArbitraryUserPointer
    018  FS段寄存器在内存中的镜像地址
    020  进程PID
    024  线程ID
    02C  指向线程局部存储指针
    030  PEB结构地址(进程结构)
    034  上个错误号

    fs:[30]->PEB
    typedef struct _PEB {               // Size: 0x1D8
        000h    UCHAR           InheritedAddressSpace;
        001h    UCHAR           ReadImageFileExecOptions;
        002h    UCHAR           BeingDebugged;              //Debug运行标志
        003h    UCHAR           SpareBool;
        004h    HANDLE          Mutant;
        008h    HINSTANCE       ImageBaseAddress;           //程序加载的基地址
        00Ch    struct _PEB_LDR_DATA    *Ldr;               //Ptr32 _PEB_LDR_DATA
        010h    struct _RTL_USER_PROCESS_PARAMETERS  *ProcessParameters;
        014h    ULONG           SubSystemData;
        018h    HANDLE          DefaultHeap;
        01Ch    KSPIN_LOCK      FastPebLock;
        020h    ULONG           FastPebLockRoutine;
        024h    ULONG           FastPebUnlockRoutine;
        028h    ULONG           EnvironmentUpdateCount;
        02Ch    ULONG           KernelCallbackTable;
        030h    LARGE_INTEGER   SystemReserved;
        038h    struct _PEB_FREE_BLOCK  *FreeList;
        03Ch    ULONG           TlsExpansionCounter;
        040h    ULONG           TlsBitmap;
        044h    LARGE_INTEGER   TlsBitmapBits;
        04Ch    ULONG           ReadOnlySharedMemoryBase;
        050h    ULONG           ReadOnlySharedMemoryHeap;

     异常处理信息(此节插在 PEB 结构列表中间, PEB 自 054h 起的其余字段在本节之后继续):

    fs:[0]->*ExceptionList

    typedef struct _EXCEPTION_REGISTRATION
    {
        struct _EXCEPTION_REGISTRATION  *Prev;      //前一个_EXCEPTION_REGISTRATION结构
        DWORD                           Handler;    //异常处理过程地址
        struct scopetable_entry         *scopetable;
        int                             trylevel;
        int                             _ebp;
        PEXCEPTION_POINTERS             xpointers;
    }
        EXCEPTION_REGISTRATION,
        *PEXCEPTION_REGISTRATION;
    ////////////////////////////////////////////////
    typedef struct _EXCEPTION_POINTERS
    {
        PEXCEPTION_RECORD   ExceptionRecord;        //指向一个EXCEPTION_RECORD结构
        PCONTEXT            ContextRecord;          //指向一个CONTEXT结构
    }
        EXCEPTION_POINTERS,
        *PEXCEPTION_POINTERS;
    /////////////////////////////////////////////////
    typedef struct _EXCEPTION_RECORD
    {
      00h  DWORD                     ExceptionCode;      //异常事件码
      04h  DWORD                     ExceptionFlags;     //标志
      08h  struct _EXCEPTION_RECORD  *ExceptionRecord;   //下一个EXCEPTION_RECORD结构地址
      0ch  PVOID                     ExceptionAddress;   //异常发生的地址
      10h  DWORD                     NumberParameters;   //ExceptionInformation的dword数目
      14h  ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
    } 1ch
        EXCEPTION_RECORD;

        typedef     EXCEPTION_RECORD        *PEXCEPTION_RECORD;
        #define     EXCEPTION_MAXIMUM_PARAMETERS    15
    /////////////////////////////////////////////////////////////////
    typedef struct _CONTEXT {
        DWORD           ContextFlags    // -|               +00h
        DWORD           Dr0             //  |               +04h
        DWORD           Dr1             //  |               +08h
        DWORD           Dr2             //  >调试寄存器     +0Ch
        DWORD           Dr3             //  |               +10h
        DWORD           Dr6             //  |               +14h
        DWORD           Dr7             // -|               +18h

        FLOATING_SAVE_AREA FloatSave;   //浮点寄存器区      +1Ch~~~88h

        DWORD           SegGs           //-|                +8Ch
        DWORD           SegFs           // |\段寄存器       +90h
        DWORD           SegEs           // |/               +94h
        DWORD           SegDs           //-|                +98h

        DWORD           Edi             //________          +9Ch
        DWORD           Esi             // |  通用          +A0h
        DWORD           Ebx             // |   寄           +A4h
        DWORD           Edx             // |   存           +A8h
        DWORD           Ecx             // |   器           +ACh
        DWORD           Eax             //_|___组_          +B0h

        DWORD           Ebp             //++++++            +B4h
        DWORD           Eip             // |控制            +B8h
        DWORD           SegCs           // |寄存            +BCh
        DWORD           EFlag           // |器组            +C0h
        DWORD           Esp             // |                +C4h
        DWORD           SegSs           //++++++            +C8h

        BYTE    ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
    } CONTEXT;
        typedef     CONTEXT     *PCONTEXT;
        #define     MAXIMUM_SUPPORTED_EXTENSION     512

        054h    ULONG           ReadOnlyStaticServerData;
        058h    ULONG           AnsiCodePageData;
        05Ch    ULONG           OemCodePageData;
        060h    ULONG           UnicodeCaseTableData;
        064h    ULONG           NumberOfProcessors;
        068h    LARGE_INTEGER   NtGlobalFlag;               // Address of a local copy
        070h    LARGE_INTEGER   CriticalSectionTimeout;
        078h    ULONG           HeapSegmentReserve;
        07Ch    ULONG           HeapSegmentCommit;
        080h    ULONG           HeapDeCommitTotalFreeThreshold;
        084h    ULONG           HeapDeCommitFreeBlockThreshold;
        088h    ULONG           NumberOfHeaps;
        08Ch    ULONG           MaximumNumberOfHeaps;
        090h    ULONG           ProcessHeaps;
        094h    ULONG           GdiSharedHandleTable;
        098h    ULONG           ProcessStarterHelper;
        09Ch    ULONG           GdiDCAttributeList;
        0A0h    KSPIN_LOCK      LoaderLock;
        0A4h    ULONG           OSMajorVersion;
        0A8h    ULONG           OSMinorVersion;
        0ACh    USHORT          OSBuildNumber;
        0AEh    USHORT          OSCSDVersion;
        0B0h    ULONG           OSPlatformId;
        0B4h    ULONG           ImageSubsystem;
        0B8h    ULONG           ImageSubsystemMajorVersion;
        0BCh    ULONG           ImageSubsystemMinorVersion;
        0C0h    ULONG           ImageProcessAffinityMask;
        0C4h    ULONG           GdiHandleBuffer[0x22];
        14Ch    ULONG           PostProcessInitRoutine;
        150h    ULONG           TlsExpansionBitmap;
        154h    UCHAR           TlsExpansionBitmapBits[0x80];
        1D4h    ULONG           SessionId;
    } PEB, *PPEB;

  • 原文地址:https://www.cnblogs.com/dsky/p/2358864.html