On Fri, Mar 6, 2009 at 5:13 PM, Alex Ionescu <ionucu(a)videotron.ca> wrote:
There is nothing "undocumented".
LARGE_INTEGER is 8 bytes long and
alignment padding is 8 bytes on x86.
I think you mean the next field must be aligned to 8 bytes. But why
really doesn't gcc think so, as it still reports that the next field
starts at 0x6C.
Or must I tell gcc to automatically pad that? Which option should I use for gcc?
Thanks,
J
On 6-Mar-09, at 2:46 AM, Jun Koi wrote:
Hi,
I notice that in Windows Vista - and also Windows XP - there seems to
be an undocumented field in PEB.
From Windbg, I found the fields below in the PEB
structure:
...
+0x064 NumberOfProcessors : Uint4B
+0x068 NtGlobalFlag : Uint4B
+0x070 CriticalSectionTimeout : _LARGE_INTEGER
...
We can see that NtGlobalFlag is at offset 0x68, and is a 4-byte field.
So the next field should be at 0x6C. However, CriticalSectionTimeout
is at 0x70.
- So the question is why that happens? I suspect that there is an
undocumented field after NtGlobalFlag, which is removed from the
debugging data. Any idea?
- Another thing: ReactOS now faithfully declares the PEB structure
like above, without that secret 4-byte hole. As a result, the
ReactOS PEB size is 4 bytes shorter than the PEB structure in Windows. Do
we need to care about that? Or not?
Thanks,
J
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev
Best regards,
Alex Ionescu
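
The layout difference discussed in this thread, as an added example (not code from ReactOS, Windows, or either poster): the same three fields declared once with 64-bit members capped at 4-byte alignment, which is gcc's default inside structs on 32-bit x86, and once with the timeout field explicitly aligned to 8. The names large_integer_t, peb_abi4, peb_aligned8 and Earlier are hypothetical, and #pragma pack(4) is used only so the 4-byte case reproduces on any host.

```c
/* Added illustration; not ReactOS or Windows source. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for LARGE_INTEGER: 8 bytes wide. */
typedef union {
    struct { uint32_t LowPart; int32_t HighPart; } u;
    int64_t QuadPart;
} large_integer_t;

/* pack(4) caps member alignment at 4 bytes, matching what gcc does by
 * default for 64-bit integers in structs on 32-bit x86 (i386 SysV ABI). */
#pragma pack(push, 4)
struct peb_abi4 {
    uint8_t  Earlier[0x64];        /* placeholder for fields below 0x64 */
    uint32_t NumberOfProcessors;   /* +0x064 */
    uint32_t NtGlobalFlag;         /* +0x068 */
    large_integer_t CriticalSectionTimeout;   /* lands at +0x06C */
};
#pragma pack(pop)

/* Same fields, with the 8-byte alignment stated on the member itself. */
struct peb_aligned8 {
    uint8_t  Earlier[0x64];
    uint32_t NumberOfProcessors;
    uint32_t NtGlobalFlag;
    large_integer_t CriticalSectionTimeout __attribute__((aligned(8)));
};

/* Pin the offset WinDbg reports so a layout drift fails the build. */
_Static_assert(offsetof(struct peb_aligned8, CriticalSectionTimeout) == 0x70,
               "CriticalSectionTimeout must sit at 0x70");

size_t timeout_offset_abi4(void) {
    return offsetof(struct peb_abi4, CriticalSectionTimeout);
}
size_t timeout_offset_aligned8(void) {
    return offsetof(struct peb_aligned8, CriticalSectionTimeout);
}
size_t size_difference(void) {
    return sizeof(struct peb_aligned8) - sizeof(struct peb_abi4);
}

int main(void) {
    printf("4-byte alignment: 0x%zx\n", timeout_offset_abi4());
    printf("8-byte alignment: 0x%zx\n", timeout_offset_aligned8());
    printf("size difference:  %zu bytes\n", size_difference());
    return 0;
}
```

gcc's -malign-double option changes the alignment globally on 32-bit x86, but it alters the layout of every structure containing such types; a per-member attribute plus the static assertion keeps the change local and checked.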