|
阅读:4109回复:1
THREADINFO结构格式?
相信很多人看过《走进Windows2000内部》这篇文章,但是这篇文章中说的THREADINFO结构和源码中格式不完全相同,想问一下,这个结构是从哪儿来的?和源码中的THREADINFO结构到底谁是正确的?附这篇文章中出现的结构描述。
typedef struct tagTHREADINFO { //W32THREAD; //PTL ptl; // Listhead for thread lock list // W32THREAD 和 PTL 是我所不知道的结构 , 通过 SoftICE 的帮助 , 我知道了它们的大小 , // 于是我弄了个东东来填充它 PADDING(padding1 , 0x2c); PVOID ppi; // process info struct for this thread // type is PPROCESSINFO PVOID rpdesk; // type is PDESKTOP PDESKTOPINFO pDeskInfo; // Desktop info visible to client // type is PDESKTOPINFO PCLIENTINFO pClientInfo; // Client info stored in TEB // type is PCLIENTINFO DWORD TIF_flags; // TIF_ flags go here. PUNICODE_STRING pstrAppName; // Application module name. PVOID psmsSent; // Most recent SMS this thread has sent // type is PSMS PVOID psmsCurrent; // Received SMS this thread is currently processing // type is PSMS PVOID psmsReceiveList; // SMSs to be processed // type is PSMS LONG timeLast; // Time, position, and ID of last message ULONG_PTR idLast; int cQuit; int exitCode; HDESK hdesk; // Desktop handle // HDESK int cPaintsReady; UINT cTimersReady; PVOID pMenuState; // type is PMENUSTATE union { PVOID ptdb; // Win16Task Schedule data for WOW thread // type is PTDB PVOID pwinsta; // Window station for SYSTEM thread // type is PWINDOWSTATION }; PVOID psiiList; // thread DDEML instance list // type is PSVR_INSTANCE_INFO DWORD dwExpWinVer; DWORD dwCompatFlags; // The Win 3.1 Compat flags DWORD dwCompatFlags2; // new DWORD to extend compat flags for NT5+ features PVOID pqAttach; // calculation variabled used in // type is PQ // zzzAttachThreadInput() PTHREADINFO ptiSibling; // pointer to sibling thread info PVOID pmsd; // type is PMOVESIZEDATA DWORD fsHooks; // WHF_ Flags for which hooks are installed PHOOK sphkCurrent; // Hook this thread is currently processing // type is PHOOK PVOID pSBTrack; // type is PSBTRACK HANDLE hEventQueueClient; PVOID pEventQueueServer; // type is PKEVENT PVOID PtiLink; // Link to other threads on desktop // type is LIST_ENTRY int iCursorLevel; // keep track of each thread's level PADDING(padding2 , 4); POINT ptLast; PWND spwndDefaultIme; // Default IME Window for this thread // type is PWND PVOID spDefaultImc; // Default input context for this thread // type is PIMC HANDLE hklPrev; // Previous active keyboard layout // type is HKL int cEnterCount; MLIST mlPost; // posted message list. USHORT fsChangeBitsRemoved;// Bits removed during PeekMessage WCHAR wchInjected; // character from last VK_PACKET DWORD fsReserveKeys; // Keys that must be sent to the active // active console window. PVOID *apEvent; // Wait array for xxxPollAndWaitForSingleObject // type is PKEVENT ACCESS_MASK amdesk; // Granted desktop access UINT cWindows; // Number of windows owned by this thread UINT cVisWindows; // Number of visible windows on this thread PHOOK aphkStart[CWINHOOKS]; // Hooks registered for this thread // type is PHOOK BYTE cti; // Use this when no desktop is available // type is CLIENTTHREADINFO }THREADINFO ,* PTHREADINFO; |
|
|
沙发#
发布于:2008-09-11 10:00
我记得用windbg+symbol 好像可以显示出来各个字段的含义
|
|