windows核心编程第四版的窗口部分,有提到一个与窗口有关的数据结构称为threadinfo.
我试着找了一下这个结构,可能与与teb中的0x40处的WIN32THREADINFO相似,但是我对它依然一无所知。。求高手解答一下, win32threadinfo是否就是windows核心所指的threadinfo,这个结构所对应的结构到底是怎么样的? 谢谢。下面是一些辅助信息。
kd> !process //查看当前进程消息
PROCESS 867e36c8 SessionId: 0 Cid: 04d4 Peb: 7ffdc000 ParentCid: 0640
DirBase: 3fcc3280 ObjectTable: e1494a50 HandleCount: 37.
.........................
//有三个线程,2个等待,1个运行
THREAD 86983c18 Cid 04d4.046c Teb: 7ffdf000 Win32Thread: e1994ea8 WAIT: (Unknown) UserMode Non-Alertable
86791500 Thread
THREAD 86791500 Cid 04d4.01b0 Teb: 7ffde000 Win32Thread: e1496a10 RUNNING on processor 0
THREAD 8626cdb0 Cid 04d4.04e0 Teb: 7ffdd000 Win32Thread: e1983b88 WAIT: (Unknown) UserMode Non-Alertable
86995f58 SynchronizationEvent
THREAD 86bea940 Cid 04d4.04d0 Teb: 7ffdb000 Win32Thread: 00000000 READY
//当前运行线程
kd> .thread
Implicit thread is now 86791500
//查看Win32Thread处的数据
kd> dd e1496a10
e1496a10 86791500 00000001 00000000 009001d0
e1496a20 00000000 00000000 00000000 00000000
e1496a30 e1496a30 e1496a30 b9fa3bd4 e1588370
e1496a40 e19d30f0 e154f3b0 bc645358 8689b9c0
e1496a50 bc630650 bc040000 7ffde6cc 01000000
e1496a60 00000000 00000000 00000000 00000000
e1496a70 00000000 00000000 00000000 00000048
e1496a80 00000001 00000000 00000000 00000000
kd> dd e1983b88
e1983b88 8626cdb0 00000001 00000000 009003a0
e1983b98 00000000 00000000 00000000 00000000
e1983ba8 e1983ba8 e1983ba8 00000000 e1588370
e1983bb8 e19a2388 e154f3b0 bc635ab8 8689b9c0
e1983bc8 bc630650 bc040000 7ffdd6cc 01000000
e1983bd8 00000000 00000000 00000000 00000000
e1983be8 0003759e 00000001 00000000 00000048
e1983bf8 00000000 00000000 00000000 00000000
kd> dd e1994ea8
e1994ea8 86983c18 00000001 00000000 00000000
e1994eb8 00000000 00000000 00000000 00000000
e1994ec8 e1994ec8 e1994ec8 00000000 e1588370
e1994ed8 e19991d8 e154f3b0 bc642878 8689b9c0
e1994ee8 bc630650 bc040000 7ffdf6cc 01000000
e1994ef8 00000000 00000000 00000000 00000000
e1994f08 00000000 00000000 00000000 00000048
e1994f18 00000000 00000000 00000000 00000000
[课程]Android-CTF解题方法汇总!
