开发者

What lies at fs:[0x0] on windows?

问答 作者:

The TEB on 32-bit Windows is located at fs:[0x0018]. What exactly is found in those 24 bytes between fs:0 and fs:0x18? (Yes, I know this undo开发者_高级运维cumented and subject to change, but it'd be interesting to know...)

It is start of Thread Information Block at FS:[0]. The very first field of this structure is Current Structured Exception Handling (SEH) frame.

Thus, at FS:[0] is the pointer to ExceptionList

Source

It is pointer to Exception Callback Functions linked list head.

BTW it is pretty documented and everything from FS:[0] to FS:[0x1C] (excluding) is not part of change, it is very basic structure, MS would not change it in NT OSes.

继续阅读:nt-native-apiwindows

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9