ntdll/kernel32: #25

Eric Pouech pouech-eric at wanadoo.fr
Tue May 20 15:26:08 CDT 2003


Alexandre Julliard wrote:
> Eric Pouech <pouech-eric at wanadoo.fr> writes:
> 
> 
>>- access to PROCESS_PARAMETERS from kernel32: currently this is done
>>by exporting a function pointer from ntdll, but this is not a good
>>solution IMO. Should we better: 1/ create a real PEB and store it at
>>its real offset. 2/ store the pointer to PROCESS_PARAMETER in the PDB
>>(even if it doesn't exist in PDB but in PEB) at an unused offset (I
>>don't think it's really doable to merge PDB and PEB, or we'll have to
>>trash PDB.exit_code)
> 
> 
> PDB and PEB are really the same thing, so they definitely have to be
> merged.
> 
Easier said than done.
If I make a side-by-side comparison (see the wide text file attached), there 
are very few similarities:
- except at offsets 0x008 and 0x018, where we have similar items, the 
rest is quite different
- I added the offsets we actually (and explicitly) use from the PDB (r 
means the offset is read from code, w means written; I assume the -w 
case is when we expect some program to directly access the fields)

So I'll add the PROCESS_PARAMETERS pointer in the merged PDB/PEB at an 
unused offset (as 0x10 is already used by the PDB). 0x14 will do fine.

A+

-- 
Eric Pouech
-------------- next part --------------
 Offset	|PDB								|PEB
--------+---------------------------------------------------------------+----------------------------------------------
000	|LONG	header[2];	Kernel object header			|BOOLEAN InheritedAddressSpace;
	|								|BOOLEAN ReadImageFileExecOptions;
	|								|BOOLEAN BeingDebugged;
	|								|BOOLEAN Spare; 
004	|								|HANDLE	Mutant; 
008 rw	|HMODULE module;	Main exe module (NT)			|PVOID 	ImageBaseAddress;
00C	|void*	event;		Pointer to an event object (unused)	|PPEB_LDR_DATA LoaderData;
--------+---------------------------------------------------------------+----------------------------------------------
010 -w	|DWORD	exit_code;	Process exit code			|PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
014	|DWORD	unknown2;	Unknown					|PVOID 	SubSystemData;
018 rw	|HANDLE	heap;		Default process heap			|PVOID	ProcessHeap; 
01C	|HANDLE  mem_context;	Process memory context			|PVOID	FastPebLock; 
--------+---------------------------------------------------------------+----------------------------------------------
020 rw	|DWORD	flags;		Flags					|PPEBLOCKROUTINE FastPebLockRoutine; 
024	|void*	pdb16;		DOS PSP					|PPEBLOCKROUTINE FastPebUnlockRoutine;
028	|WORD	PSP_sel;	Selector to DOS PSP			|ULONG	EnvironmentUpdateCount;
	|WORD	imte;		IMTE for the process module		|
02C -w	|WORD	threads;	Number of threads			|PPVOID	KernelCallbackTable;
    -w	|WORD    running_threads;Number of running threads		|
--------+---------------------------------------------------------------+----------------------------------------------
030	|WORD	free_lib_count; Recursion depth of FreeLibrary calls	|PVOID	EventLogSection;
	|WORD    ring0_threads;	Number of ring 0 threads		|
034	|HANDLE  system_heap;	System heap to allocate handles		|PVOID	EventLog; 
038	|HTASK	task;		Win16 task				|PPEB_FREE_BLOCK FreeList; 
03C	|void*	mem_map_files;	Pointer to mem-mapped files		|ULONG	TlsExpansionCounter; 
--------+---------------------------------------------------------------+----------------------------------------------
040 -w	|struct _ENVDB* env_db;	Environment database			|PVOID	TlsBitmap; 
044	|void*	handle_table;	Handle table				|ULONG	TlsBitmapBits[0x2];
048	|struct _PDB* parent;	Parent process				|
04C	|void*	modref_list;	MODREF list				|PVOID	ReadOnlySharedMemoryBase; 
--------+---------------------------------------------------------------+----------------------------------------------
050	|void*	thread_list;	List of threads				|PVOID	ReadOnlySharedMemoryHeap;
054	|void*	debuggee_CB;	Debuggee context block			|PPVOID	ReadOnlyStaticServerData;
058	|void*	local_heap_free;Head of local heap free list		|PVOID	AnsiCodePageData; 
05C	|DWORD	unknown4;	Unknown					|PVOID	OemCodePageData; 
--------+---------------------------------------------------------------+----------------------------------------------
060	|CRITICAL_SECTION crit_section; Critical section		|PVOID	UnicodeCaseTableData; 
064	|								|ULONG	NumberOfProcessors; 
068	|								|ULONG	NtGlobalFlag;
06C	|								|BYTE	Spare2[0x4];
--------+---------------------------------------------------------------+----------------------------------------------
070	|								|LARGE_INTEGER CriticalSectionTimeout;
078	|DWORD	unknown5[3];	Unknown					|ULONG	HeapSegmentReserve;
07C	|								|ULONG	HeapSegmentCommit;
--------+---------------------------------------------------------------+----------------------------------------------
080	|								|ULONG	HeapDeCommitTotalFreeThreshold; 
084	|void*	console;	Console					|ULONG	HeapDeCommitFreeBlockThreshold; 
088 rw	|DWORD	tls_bits[2];	TLS in-use bits				|ULONG	NumberOfHeaps;
08C	|								|ULONG 	MaximumNumberOfHeaps;
--------+---------------------------------------------------------------+----------------------------------------------
090 rw	|DWORD	process_dword;	Unknown					|PPVOID	ProcessHeaps; 
094 -w	|struct _PDB* group;	Process group				|PVOID 	GdiSharedHandleTable; 
098	|void*	exe_modref;	MODREF for the process EXE		|PVOID 	ProcessStarterHelper; 
09C	|void*	top_filter;	Top exception filter			|PVOID 	GdiDCAttributeList; 
--------+---------------------------------------------------------------+----------------------------------------------
0A0 -w	|DWORD   priority;	Priority level				|PVOID 	LoaderLock; 
0A4	|HANDLE  heap_list;	Head of process heap list		|ULONG	OSMajorVersion;
0A8	|void*	heap_handles;	Head of heap handles list		|ULONG 	OSMinorVersion; 
0AC	|DWORD	unknown6;	Unknown					|ULONG	OSBuildNumber; 
--------+---------------------------------------------------------------+----------------------------------------------
0B0	|void*	console_provider; Console provider (??)			|ULONG	OSPlatformId; 
0B4	|WORD	env_selector;	Selector to process environment		|ULONG	ImageSubSystem; 
    rw	|WORD	error_mode;	Error mode				|
0B8 r	|HANDLE  load_done_evt;	Event for process loading done		|ULONG	ImageSubSystemMajorVersion;
0BC	|void*	UTState;	Head of Universal Thunk list		|ULONG	ImageSubSystemMinorVersion; 
--------+---------------------------------------------------------------+----------------------------------------------
0C0	|DWORD	unknown8;	Unknown (NT)				|ULONG	GdiHandleBuffer[0x22]; 
0C4	|LCID	locale;		Locale queried by GetThreadLocale (NT)	|	
	|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|
104	|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|ULONG	PostProcessInitRoutine;
108	|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|ULONG	TlsExpansionBitmap;
10C	|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|BYTE	TlsExpansionBitmapBits[0x80];
18C	|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|ULONG	SessionId;
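The PEB column of the attached table, written out as a C struct so the offsets that matter for the PDB/PEB merge (0x008, 0x010, 0x014, 0x018) can be checked mechanically, together with the kind of accessor kernel32 would use to reach the process parameters through the PEB instead of through a function pointer exported from ntdll. This is an added illustration, not Wine's code and not part of the mail. It covers the table only as far as it is self-consistent (through ImageSubSystemMinorVersion at 0x0BC); the names peb32_t and ptr32_t, the helper functions and the sample PEB image are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Wine code. Every PVOID/HANDLE/ULONG slot of the i386 PEB
   is modelled as a 32-bit scalar so that offsetof() reproduces the offsets of
   the attached table even when this is compiled on a 64-bit host. */
typedef uint32_t ptr32_t;

typedef struct peb32 {
    uint8_t  InheritedAddressSpace, ReadImageFileExecOptions, BeingDebugged, Spare; /* 0x000 */
    ptr32_t  Mutant;                        /* 0x004 */
    ptr32_t  ImageBaseAddress;              /* 0x008  PDB: module */
    ptr32_t  LoaderData;                    /* 0x00C */
    ptr32_t  ProcessParameters;             /* 0x010  PDB: exit_code (written) */
    ptr32_t  SubSystemData;                 /* 0x014  PDB: unknown2 (unused) */
    ptr32_t  ProcessHeap;                   /* 0x018  PDB: heap */
    ptr32_t  FastPebLock;                   /* 0x01C */
    ptr32_t  FastPebLockRoutine;            /* 0x020 */
    ptr32_t  FastPebUnlockRoutine;          /* 0x024 */
    uint32_t EnvironmentUpdateCount;        /* 0x028 */
    ptr32_t  KernelCallbackTable;           /* 0x02C */
    ptr32_t  EventLogSection;               /* 0x030 */
    ptr32_t  EventLog;                      /* 0x034 */
    ptr32_t  FreeList;                      /* 0x038 */
    uint32_t TlsExpansionCounter;           /* 0x03C */
    ptr32_t  TlsBitmap;                     /* 0x040 */
    uint32_t TlsBitmapBits[2];              /* 0x044 */
    ptr32_t  ReadOnlySharedMemoryBase;      /* 0x04C */
    ptr32_t  ReadOnlySharedMemoryHeap;      /* 0x050 */
    ptr32_t  ReadOnlyStaticServerData;      /* 0x054 */
    ptr32_t  AnsiCodePageData;              /* 0x058 */
    ptr32_t  OemCodePageData;               /* 0x05C */
    ptr32_t  UnicodeCaseTableData;          /* 0x060 */
    uint32_t NumberOfProcessors;            /* 0x064 */
    uint32_t NtGlobalFlag;                  /* 0x068 */
    uint8_t  Spare2[4];                     /* 0x06C */
    uint32_t CriticalSectionTimeout[2];     /* 0x070  LARGE_INTEGER as two DWORDs */
    uint32_t HeapSegmentReserve, HeapSegmentCommit;                       /* 0x078, 0x07C */
    uint32_t HeapDeCommitTotalFreeThreshold, HeapDeCommitFreeBlockThreshold; /* 0x080, 0x084 */
    uint32_t NumberOfHeaps, MaximumNumberOfHeaps;                         /* 0x088, 0x08C */
    ptr32_t  ProcessHeaps;                  /* 0x090 */
    ptr32_t  GdiSharedHandleTable;          /* 0x094 */
    ptr32_t  ProcessStarterHelper;          /* 0x098 */
    ptr32_t  GdiDCAttributeList;            /* 0x09C */
    ptr32_t  LoaderLock;                    /* 0x0A0 */
    uint32_t OSMajorVersion, OSMinorVersion, OSBuildNumber, OSPlatformId; /* 0x0A4..0x0B0 */
    uint32_t ImageSubSystem, ImageSubSystemMajorVersion, ImageSubSystemMinorVersion; /* 0x0B4..0x0BC */
} peb32_t;

/* Compile-time check of the rows the merge depends on. */
_Static_assert(offsetof(peb32_t, ImageBaseAddress)  == 0x008, "ImageBaseAddress");
_Static_assert(offsetof(peb32_t, ProcessParameters) == 0x010, "ProcessParameters");
_Static_assert(offsetof(peb32_t, SubSystemData)     == 0x014, "SubSystemData");
_Static_assert(offsetof(peb32_t, ProcessHeap)       == 0x018, "ProcessHeap");
_Static_assert(sizeof(peb32_t) == 0x0C0, "PEB prefix through ImageSubSystemMinorVersion");

/* Runtime, table-driven version of the same check over a few more rows of the
   attachment; returns how many rows disagree with the table (0 when correct). */
struct peb_row { const char *name; size_t actual, expected; };
#define ROW(f, off) { #f, offsetof(peb32_t, f), (off) }
size_t peb32_layout_mismatches(void)
{
    static const struct peb_row rows[] = {
        ROW(Mutant, 0x004), ROW(LoaderData, 0x00C), ROW(FastPebLockRoutine, 0x020),
        ROW(KernelCallbackTable, 0x02C), ROW(TlsBitmap, 0x040),
        ROW(ReadOnlySharedMemoryBase, 0x04C), ROW(NtGlobalFlag, 0x068),
        ROW(CriticalSectionTimeout, 0x070), ROW(NumberOfHeaps, 0x088),
        ROW(ProcessHeaps, 0x090), ROW(LoaderLock, 0x0A0), ROW(OSMajorVersion, 0x0A4),
        ROW(ImageSubSystemMinorVersion, 0x0BC),
    };
    size_t bad = 0;
    for (size_t i = 0; i < sizeof rows / sizeof rows[0]; i++)
        if (rows[i].actual != rows[i].expected) {
            fprintf(stderr, "%s at 0x%03zx, table says 0x%03zx\n",
                    rows[i].name, rows[i].actual, rows[i].expected);
            bad++;
        }
    return bad;
}

/* What kernel32 would do with the PEB pointer: read the process-parameters
   pointer from its fixed slot instead of calling back into ntdll. Takes the raw
   PEB bytes so it can be exercised on a constructed image. */
uint32_t peb32_process_parameters(const void *peb_image)
{
    uint32_t value;
    memcpy(&value, (const uint8_t *)peb_image + offsetof(peb32_t, ProcessParameters), sizeof value);
    return value;
}

/* Constructed PEB image (addresses are made up for the example). */
uint32_t example_process_parameters(void)
{
    peb32_t peb;
    memset(&peb, 0, sizeof peb);
    peb.ImageBaseAddress  = 0x00400000u;
    peb.ProcessParameters = 0x00020000u;
    peb.ProcessHeap       = 0x00130000u;
    return peb32_process_parameters(&peb);
}

int main(void)
{
    size_t bad = peb32_layout_mismatches();
    printf("%zu layout mismatches, ProcessParameters = 0x%08x\n", bad, example_process_parameters());
    return bad != 0;
}
```

The point of the 32-bit scalar typedef is that a struct using real pointers would silently give different offsets on a 64-bit build host, so the layout check must pin every slot width explicitly; the same trick applies when a merged PDB/PEB is declared, where any field Wine keeps at 0x010 or 0x014 has to line up with the NT slots shown above.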