ntdll/kernel32: #25
Eric Pouech
pouech-eric at wanadoo.fr
Tue May 20 15:26:08 CDT 2003
Alexandre Julliard wrote:
> Eric Pouech <pouech-eric at wanadoo.fr> writes:
>
>
>>- access to PROCESS_PARAMETERS from kernel32: currently this is done
>>by exporting a function pointer from ntdll, but this is not a good
>>solution IMO. Should we better: 1/ create a real PEB and store it at
>>its real offset. 2/ store the pointer to PROCESS_PARAMETER in the PDB
>>(even if it doesn't exist in PDB but in PEB) at an unused offset (I
>>don't think it's really doable to merge PDB and PEB, or we'll have to
>>trash PDB.exit_code)
>
>
> PDB and PEB are really the same thing, so they definitely have to be
> merged.
>
Easier said than done.
If I make a side-by-side comparison (see wide text file attached), there
are very few similarities:
- except at offsets 0x008 and 0x018, where we have similar items, the
rest is quite different
- I added the offsets we actually (and explicitly) use from the PDB (r
means the offset is read from code, w means written; I assume the -w
case is when we expect some program to directly access the fields)
So I'll add the PROCESS_PARAMETERS pointer in the merged PDB/PEB at an
unused offset (as 0x10 is already used by the PDB). 0x14 will do fine.
A+
--
Eric Pouech
-------------- next part --------------
Offset |PDB |PEB
--------+---------------------------------------------------------------+----------------------------------------------
000 |LONG header[2]; Kernel object header |BOOLEAN InheritedAddressSpace;
| |BOOLEAN ReadImageFileExecOptions;
| |BOOLEAN BeingDebugged;
| |BOOLEAN Spare;
004 | |HANDLE Mutant;
008 rw |HMODULE module; Main exe module (NT) |PVOID ImageBaseAddress;
00C |void* event; Pointer to an event object (unused) |PPEB_LDR_DATA LoaderData;
--------+---------------------------------------------------------------+----------------------------------------------
010 -w |DWORD exit_code; Process exit code |PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
014 |DWORD unknown2; Unknown |PVOID SubSystemData;
018 rw |HANDLE heap; Default process heap |PVOID ProcessHeap;
01C |HANDLE mem_context; Process memory context |PVOID FastPebLock;
--------+---------------------------------------------------------------+----------------------------------------------
020 rw |DWORD flags; Flags |PPEBLOCKROUTINE FastPebLockRoutine;
024 |void* pdb16; DOS PSP |PPEBLOCKROUTINE FastPebUnlockRoutine;
028 |WORD PSP_sel; Selector to DOS PSP |ULONG EnvironmentUpdateCount;
|WORD imte; IMTE for the process module |
02C -w |WORD threads; Number of threads |PPVOID KernelCallbackTable;
-w |WORD running_threads;Number of running threads |
--------+---------------------------------------------------------------+----------------------------------------------
030 |WORD free_lib_count; Recursion depth of FreeLibrary calls |PVOID EventLogSection;
|WORD ring0_threads; Number of ring 0 threads |
034 |HANDLE system_heap; System heap to allocate handles |PVOID EventLog;
038 |HTASK task; Win16 task |PPEB_FREE_BLOCK FreeList;
03C |void* mem_map_files; Pointer to mem-mapped files |ULONG TlsExpansionCounter;
--------+---------------------------------------------------------------+----------------------------------------------
040 -w |struct _ENVDB* env_db; Environment database |PVOID TlsBitmap;
044 |void* handle_table; Handle table |ULONG TlsBitmapBits[0x2];
048 |struct _PDB* parent; Parent process |
04C |void* modref_list; MODREF list |PVOID ReadOnlySharedMemoryBase;
--------+---------------------------------------------------------------+----------------------------------------------
050 |void* thread_list; List of threads |PVOID ReadOnlySharedMemoryHeap;
054 |void* debuggee_CB; Debuggee context block |PPVOID ReadOnlyStaticServerData;
058 |void* local_heap_free;Head of local heap free list |PVOID AnsiCodePageData;
05C |DWORD unknown4; Unknown |PVOID OemCodePageData;
--------+---------------------------------------------------------------+----------------------------------------------
060 |CRITICAL_SECTION crit_section; Critical section |PVOID UnicodeCaseTableData;
064 | |ULONG NumberOfProcessors;
068 | |ULONG NtGlobalFlag;
06C | |BYTE Spare2[0x4];
--------+---------------------------------------------------------------+----------------------------------------------
070 | |LARGE_INTEGER CriticalSectionTimeout;
078 |DWORD unknown5[3]; Unknown |ULONG HeapSegmentReserve;
07C | |ULONG HeapSegmentCommit;
--------+---------------------------------------------------------------+----------------------------------------------
080 | |ULONG HeapDeCommitTotalFreeThreshold;
084 |void* console; Console |ULONG HeapDeCommitFreeBlockThreshold;
088 rw |DWORD tls_bits[2]; TLS in-use bits |ULONG NumberOfHeaps;
08C | |ULONG MaximumNumberOfHeaps;
--------+---------------------------------------------------------------+----------------------------------------------
090 rw |DWORD process_dword; Unknown |PPVOID*ProcessHeaps;
094 -w |struct _PDB* group; Process group |PVOID GdiSharedHandleTable;
098 |void* exe_modref; MODREF for the process EXE |PVOID ProcessStarterHelper;
09C |void* top_filter; Top exception filter |PVOID GdiDCAttributeList;
--------+---------------------------------------------------------------+----------------------------------------------
0A0 -w |DWORD priority; Priority level |PVOID LoaderLock;
0A4 |HANDLE heap_list; Head of process heap list |ULONG OSMajorVersion;
0A8 |void* heap_handles; Head of heap handles list |ULONG OSMinorVersion;
0AC |DWORD unknown6; Unknown |ULONG OSBuildNumber;
--------+---------------------------------------------------------------+----------------------------------------------
0B0 |void* console_provider; Console provider (??) |ULONG OSPlatformId;
0B4 |WORD env_selector; Selector to process environment |ULONG ImageSubSystem;
rw |WORD error_mode; Error mode |
0B8 r |HANDLE load_done_evt; Event for process loading done |ULONG ImageSubSystemMajorVersion;
0BC |void* UTState; Head of Universal Thunk list |ULONG ImageSubSystemMinorVersion;
--------+---------------------------------------------------------------+----------------------------------------------
0C0 |DWORD unknown8; Unknown (NT) |ULONG GdiHandleBuffer[0x22];
0C4 |LCID locale; Locale queried by GetThreadLocale (NT) |
|xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|
104 |xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|ULONG PostProcessInitRoutine;
108 |xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|ULONG TlsExpansionBitmap;
10C |xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|BYTE TlsExpansionBitmapBits[0x80];
18C |xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|ULONG SessionId;
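The layout question in the message above comes down to two checks: does a declaration reproduce the offsets in the PEB column of the table, and which DWORD slots does existing PDB code already read or write directly, so that a merged structure cannot reuse them. The following C program, added here as an illustration and not code from the message or from Wine, models the first 0x30 bytes of the PEB column with fixed-width integers (so offsetof() gives the 32-bit offsets on any host), verifies them against the table, and encodes the r/w offsets from the PDB column to find the first free DWORD slot at or after 0x10. The struct name, the `pdb_in_use` table and the helper names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-bit model of the first 0x30 bytes of the PEB column of the
 * table. Pointers and HANDLEs are uint32_t so that offsetof() reproduces the
 * 32-bit offsets even on a 64-bit host. An illustration only, not Wine's or
 * Windows' declaration. */
typedef struct peb32_model {
    uint8_t  InheritedAddressSpace;     /* 0x00 */
    uint8_t  ReadImageFileExecOptions;  /* 0x01 */
    uint8_t  BeingDebugged;             /* 0x02 */
    uint8_t  Spare;                     /* 0x03 */
    uint32_t Mutant;                    /* 0x04 HANDLE */
    uint32_t ImageBaseAddress;          /* 0x08 PVOID  (PDB: module, rw) */
    uint32_t LoaderData;                /* 0x0C PPEB_LDR_DATA */
    uint32_t ProcessParameters;         /* 0x10 (PDB: exit_code, -w) */
    uint32_t SubSystemData;             /* 0x14 (PDB: unknown2, unused) */
    uint32_t ProcessHeap;               /* 0x18 PVOID  (PDB: heap, rw) */
    uint32_t FastPebLock;               /* 0x1C */
    uint32_t FastPebLockRoutine;        /* 0x20 (PDB: flags, rw) */
    uint32_t FastPebUnlockRoutine;      /* 0x24 */
    uint32_t EnvironmentUpdateCount;    /* 0x28 */
    uint32_t KernelCallbackTable;       /* 0x2C (PDB: threads, -w) */
} peb32_model;

/* Expected offsets, copied from the PEB column of the table. */
#define ENTRY(field, off) { #field, offsetof(peb32_model, field), (off) }
static const struct { const char *name; size_t actual, expected; } peb_layout[] = {
    ENTRY(InheritedAddressSpace, 0x00),  ENTRY(Mutant, 0x04),
    ENTRY(ImageBaseAddress, 0x08),       ENTRY(LoaderData, 0x0C),
    ENTRY(ProcessParameters, 0x10),      ENTRY(SubSystemData, 0x14),
    ENTRY(ProcessHeap, 0x18),            ENTRY(FastPebLock, 0x1C),
    ENTRY(FastPebLockRoutine, 0x20),     ENTRY(FastPebUnlockRoutine, 0x24),
    ENTRY(EnvironmentUpdateCount, 0x28), ENTRY(KernelCallbackTable, 0x2C),
};
#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Returns how many fields sit at an offset other than the one in the table;
 * 0 means the model reproduces the PEB column exactly. */
int peb32_layout_mismatches(void)
{
    int bad = 0;
    for (size_t i = 0; i < N(peb_layout); i++) {
        if (peb_layout[i].actual != peb_layout[i].expected) {
            printf("%s: at 0x%02zx, table says 0x%02zx\n", peb_layout[i].name,
                   peb_layout[i].actual, peb_layout[i].expected);
            bad++;
        }
    }
    return bad;
}

size_t peb32_model_size(void) { return sizeof(peb32_model); }

/* DWORD-aligned offsets the PDB column marks r or w: the slots that code (or
 * programs poking the structure directly) already depend on, so a merged
 * PDB/PEB must not hand them to a field with a different meaning. */
static const size_t pdb_in_use[] = {
    0x08, /* module                    rw */
    0x10, /* exit_code                 -w */
    0x18, /* heap                      rw */
    0x20, /* flags                     rw */
    0x2C, /* threads / running_threads -w */
    0x40, /* env_db                    -w */
    0x88, /* tls_bits                  rw */
    0x90, /* process_dword             rw */
    0x94, /* group                     -w */
    0xA0, /* priority                  -w */
    0xB4, /* error_mode (WORD at 0xB6) rw */
    0xB8, /* load_done_evt             r  */
};

int pdb_slot_in_use(size_t off)
{
    for (size_t i = 0; i < N(pdb_in_use); i++)
        if (pdb_in_use[i] == off) return 1;
    return 0;
}

/* First DWORD-aligned slot at or after `from` that the PDB does not use.
 * For from = 0x10 (where the PEB keeps ProcessParameters) this yields 0x14,
 * the slot picked in the message. */
size_t pick_free_dword_slot(size_t from)
{
    size_t off = from & ~(size_t)3;
    while (pdb_slot_in_use(off)) off += 4;
    return off;
}

int main(void)
{
    printf("layout mismatches: %d, sizeof model: 0x%zx\n",
           peb32_layout_mismatches(), peb32_model_size());
    printf("PROCESS_PARAMETERS pointer can go at 0x%zx\n", pick_free_dword_slot(0x10));
    return 0;
}
```

The offsetof table is the part worth keeping around: any later reshuffle of the merged structure that moves `ImageBaseAddress`, `ProcessHeap` or the chosen `ProcessParameters` slot shows up as a non-zero mismatch count before a program that reads those fields directly notices.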