Win32 Thread Information Block
From Wikipedia, the free encyclopedia
The Thread Information Block (TIB) or Thread Environment Block (TEB) is a data structure in Win32 on x86 that stores information about the currently running thread. It descended from, and is backward-compatible on 32-bit systems with, a similar structure in OS/2.[1]
This article needs to be updated. (December 2013) |
The TIB is officially undocumented for Windows 9x. The Windows NT series DDK (as well as the MinGW/ReactOS implementation) includes a struct NT_TIB
in winnt.h
that documents the subsystem independent part. Even before TIB was effectively documented, many applications have already started using its fields that they are effectively a part of the API. The first field containing the SEH frame, in particular, is directly referenced by the code produced by Microsoft's own compiler.[1] The Win32 subsystem-specific part of the TEB is undocumented, but Wine includes a TEB definition in winternl.h
.[2]
The TIB can be used to get a lot of information on the process without calling Win32 API. Examples include emulating GetLastError()
, GetVersion()
. Through the pointer to the PEB one can obtain access to the import tables (IAT), process startup arguments, image name, etc. It is accessed from the FS segment register on 32-bit Windows and GS on 64-bit Windows.