Good day! Could anyone tell me the offset of Teb in ETHREAD for Windows Vista/Seven? Thanks in advance.
Code (Text):
0: kd> vertarget
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02e15000 PsLoadedModuleList = 0xfffff800`03052e50
Debug session time: Sun Feb 13 05:34:57.897 17420 (UTC + 3:00)
System Uptime: 0 days 8:55:21.997
0: kd> dt -r1 nt!_ETHREAD
   +0x000 Tcb              : _KTHREAD
      +0x000 Header           : _DISPATCHER_HEADER
      +0x018 CycleTime        : Uint8B
      +0x020 QuantumTarget    : Uint8B
      +0x028 InitialStack     : Ptr64 Void
      +0x030 StackLimit       : Ptr64 Void
      +0x038 KernelStack      : Ptr64 Void
      +0x040 ThreadLock       : Uint8B
      +0x048 WaitRegister     : _KWAIT_STATUS_REGISTER
      +0x049 Running          : UChar
      +0x04a Alerted          : [2] UChar
      +0x04c KernelStackResident : Pos 0, 1 Bit
      +0x04c ReadyTransition  : Pos 1, 1 Bit
      +0x04c ProcessReadyQueue : Pos 2, 1 Bit
      +0x04c WaitNext         : Pos 3, 1 Bit
      +0x04c SystemAffinityActive : Pos 4, 1 Bit
      +0x04c Alertable        : Pos 5, 1 Bit
      +0x04c GdiFlushActive   : Pos 6, 1 Bit
      +0x04c UserStackWalkActive : Pos 7, 1 Bit
      +0x04c ApcInterruptRequest : Pos 8, 1 Bit
      +0x04c ForceDeferSchedule : Pos 9, 1 Bit
      +0x04c QuantumEndMigrate : Pos 10, 1 Bit
      +0x04c UmsDirectedSwitchEnable : Pos 11, 1 Bit
      +0x04c TimerActive      : Pos 12, 1 Bit
      +0x04c Reserved         : Pos 13, 19 Bits
      +0x04c MiscFlags        : Int4B
      +0x050 ApcState         : _KAPC_STATE
      +0x050 ApcStateFill     : [43] UChar
      +0x07b Priority         : Char
      +0x07c NextProcessor    : Uint4B
      +0x080 DeferredProcessor : Uint4B
      +0x088 ApcQueueLock     : Uint8B
      +0x090 WaitStatus       : Int8B
      +0x098 WaitBlockList    : Ptr64 _KWAIT_BLOCK
      +0x0a0 WaitListEntry    : _LIST_ENTRY
      +0x0a0 SwapListEntry    : _SINGLE_LIST_ENTRY
      +0x0b0 Queue            : Ptr64 _KQUEUE
      +0x0b8 Teb              : Ptr64 Void