Class ThreadEnvironmentBlock
java.lang.Object
ghidra.app.util.datatype.microsoft.ThreadEnvironmentBlock
Class for creating a Ghidra memory block representing the TEB: Thread Environment Block.
The class must be instantiated with the Program and the Windows OS version to control
details of the TEB layout. The user must call setAddress to provide the starting address
of the block to create. Then they must call one of
- createBlockAndStructure or
- createBlocksAndSymbols
The TEB can be represented either by a single structure overlaying the
block (createBlockAndStructure), or as a series of symbols and primitive
data-types (createBlocksAndSymbols).
Finally the user should call setRegisterValue. The TEB is accessed either through the FS segment
(32-bit) or GS segment (64-bit), so this method sets a Register value for one these over
the program.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enumAn enumeration describing a Windows OS version by String and by ordinal. -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionThreadEnvironmentBlock(Program prog, ThreadEnvironmentBlock.WinVersion version) -
Method Summary
Modifier and TypeMethodDescriptionvoidCreate TEB as a single uninitialized block.voidCreate 2 blocks, one that is initialized to hold a proper value for the TEB Self reference field and another to hold the remainder of the TEB.intbooleanis64()voidsetAddress(Address addr) Set the starting address of the TEBvoidSet FS_OFFSET for 32-bit or GS_OFFSET for 64-bit to the address of the TEB across the program.
-
Field Details
-
BLOCK_NAME
- See Also:
-
-
Constructor Details
-
ThreadEnvironmentBlock
-
-
Method Details
-
createBlockAndStructure
public void createBlockAndStructure() throws MemoryConflictException, LockException, IllegalArgumentException, AddressOverflowException, CodeUnitInsertionException, InvalidInputExceptionCreate TEB as a single uninitialized block. A TEB structure is created and is placed on the block.- Throws:
MemoryConflictException- if there are overlap problems with other blocksAddressOverflowException- for problems with block's start AddressIllegalArgumentException- for problems with the block name or the TEB data-typeLockException- if it cannot get an exclusive lock on the programCodeUnitInsertionException- for problems laying down the structure on the blockInvalidInputException- for problems with the symbol name attached to the TEB
-
createBlocksAndSymbols
public void createBlocksAndSymbols() throws MemoryConflictException, LockException, IllegalArgumentException, AddressOverflowException, CancelledExceptionCreate 2 blocks, one that is initialized to hold a proper value for the TEB Self reference field and another to hold the remainder of the TEB. The data structure is layed down as a series of symbols on these blocks.- Throws:
MemoryConflictException- if there are overlap problems with other blocksCancelledException- if block creation is cancelledAddressOverflowException- for problems with block's start AddressIllegalArgumentException- for problems with the block name or the TEB data-typeLockException- if it cannot get an exclusive lock on the program
-
setRegisterValue
public void setRegisterValue()Set FS_OFFSET for 32-bit or GS_OFFSET for 64-bit to the address of the TEB across the program. -
is64
public boolean is64()- Returns:
- true if a 64-bit TEB is being layed down.
-
getBlockSize
public int getBlockSize()- Returns:
- the number of bytes needed in the full TEB block being constructed
-
setAddress
Set the starting address of the TEB- Parameters:
addr- is the Address to set
-