TEB

2OO1, 2 March

TEB

typedef struct _TEB {



  NT_TIB                  Tib;
  PVOID                   EnvironmentPointer;
  CLIENT_ID               Cid;
  PVOID                   ActiveRpcInfo;
  PVOID                   ThreadLocalStoragePointer;
  PPEB                    Peb;
  ULONG                   LastErrorValue;
  ULONG                   CountOfOwnedCriticalSections;
  PVOID                   CsrClientThread;
  PVOID                   Win32ThreadInfo;
  ULONG                   Win32ClientInfo[0x1F];
  PVOID                   WOW32Reserved;
  ULONG                   CurrentLocale;
  ULONG                   FpSoftwareStatusRegister;
  PVOID                   SystemReserved1[0x36];
  PVOID                   Spare1;
  ULONG                   ExceptionCode;
  ULONG                   SpareBytes1[0x28];
  PVOID                   SystemReserved2[0xA];
  ULONG                   GdiRgn;
  ULONG                   GdiPen;
  ULONG                   GdiBrush;
  CLIENT_ID               RealClientId;
  PVOID                   GdiCachedProcessHandle;
  ULONG                   GdiClientPID;
  ULONG                   GdiClientTID;
  PVOID                   GdiThreadLocaleInfo;
  PVOID                   UserReserved[5];
  PVOID                   GlDispatchTable[0x118];
  ULONG                   GlReserved1[0x1A];
  PVOID                   GlReserved2;
  PVOID                   GlSectionInfo;
  PVOID                   GlSection;
  PVOID                   GlTable;
  PVOID                   GlCurrentRC;
  PVOID                   GlContext;
  NTSTATUS                LastStatusValue;
  UNICODE_STRING          StaticUnicodeString;
  WCHAR                   StaticUnicodeBuffer[0x105];
  PVOID                   DeallocationStack;
  PVOID                   TlsSlots[0x40];
  LIST_ENTRY              TlsLinks;
  PVOID                   Vdm;
  PVOID                   ReservedForNtRpc;
  PVOID                   DbgSsReserved[0x2];
  ULONG                   HardErrorDisabled;
  PVOID                   Instrumentation[0x10];
  PVOID                   WinSockData;
  ULONG                   GdiBatchCount;
  ULONG                   Spare2;
  ULONG                   Spare3;
  ULONG                   Spare4;
  PVOID                   ReservedForOle;
  ULONG                   WaitingOnLoaderLock;
  PVOID                   StackCommit;
  PVOID                   StackCommitMax;
  PVOID                   StackReserved;

} TEB, *PTEB;

Structure TEB (Thread Environment Block) is memory block containing system variables placed in User-Mode memory. Every created thread have own TEB block. User can get address of TEB by call NtCurrentTeb function.

Tib Structure NT_TIB is avaiable in <WinNT.h> header file.

EnvironmentPointer

ActiveRpcInfo

ThreadLocalStoragePointer

Peb Pointer to PEB structure contains Process Environment Block.

LastErrorValue

CountOfOwnedCriticalSections

CsrClientThread

Win32ThreadInfo

Win32ClientInfo[0x1F]

WOW32Reserved

CurrentLocale

FpSoftwareStatusRegister

SystemReserved1[0x36]

Spare1

ExceptionCode

SpareBytes1[0x28]

SystemReserved2[0xA]

GdiRgn

GdiPen

GdiBrush

RealClientId

GdiCachedProcessHandle

GdiClientPID

GdiClientTID

GdiThreadLocaleInfo

UserReserved[5]

GlDispatchTable[0x118]

GlReserved1[0x1A]

GlReserved2

GlSectionInfo

GlSection

GlTable

GlCurrentRC

GlContext

LastStatusValue

StaticUnicodeString

StaticUnicodeBuffer[0x105]

DeallocationStack

TlsSlots[0x40]

TlsLinks

ReservedForNtRpc

DbgSsReserved[0x2]

HardErrorDisabled

Instrumentation[0x10]

WinSockData

GdiBatchCount

Spare2

Spare3

Spare4

ReservedForOle

WaitingOnLoaderLock

StackCommit

StackCommitMax

StackReserved

Documented by:

Reactos

Tomasz Nowak

Requirements:

Library: ntdll.lib

Undocumented functions of NTDLL