Win32 Thread Information Block

This table is based on Wine's work on Microsoft Windows internals. FS (for 32-bit) or GS (for 64-bit) maps to a TIB which is embedded in a data block known as the TDB (thread data base). The TIB contains the thread-specific exception handling chain and pointer to the TLS (thread local storage.) The thread local storage is not the same as C local storage. ==Stack information stored in the TIB==

A process should be free to move the stack of its threads as long as it updates the information stored in the TIB accordingly. A few fields are key to this matter: stack base, stack limit, deallocation stack, and guaranteed stack bytes, respectively stored at offsets 0x8, 0x10, 0x1478 and 0x1748 in 64 bits. Different Windows kernel functions read and write these values, specially to distinguish stack overflows from other read/write page faults (a read or write to a page guarded among the stack limits in guaranteed stack bytes will generate a stack-overflow exception instead of an access violation). The deallocation stack is important because Windows API allows to change the amount of guarded pages: the function SetThreadStackGuarantee allows both read the current space and to grow it. In order to read it, it reads the GuaranteedStackBytes field, and to grow it, it uses has to uncommit stack pages. Setting stack limits without setting DeallocationStack will probably cause odd behavior in SetThreadStackGuarantee. For example, it will overwrite the stack limits to wrong values. Different libraries call SetThreadStackGuarantee, for example the .NET CLR uses it for setting up the stack of their threads. ==Accessing the TIB==

The TIB of the current thread can be accessed as an offset of segment register FS (x86) or GS (x64). It is not common to access the TIB fields by an offset from FS:[0], but rather first getting a linear self-referencing pointer to it stored at FS:[18h]. That pointer can be used with pointer arithmetic or be cast to a struct pointer. Using Microsoft Windows SDK or similar, a programmer could use an inline function defined in winnt.h named NtCurrentTeb which returns the address of the current Thread Information Block as NT_TIB *. Alternative methods of access for IA-32 architectures are as follows: // gcc (AT&T-style inline assembly). void *getTIB(void) { register void *pTIB; • if defined(__x86_64__) || defined(__amd64__) __asm__("movq %%gs:0x30, %0" : "=r" (pTIB)); • elif defined(__i386__) __asm__("movl %%fs:0x18, %0" : "=r" (pTIB)); • else • error unsupported architecture • endif return pTIB; } // gcc (named address spaces, same as the inline assembly version on -O1 or -ftree-ter). void *getTIB(void) { • if defined(__x86_64__) || defined(__amd64__) • ifndef __SEG_GS • error unsupported GCC version • endif return *(void *__seg_gs *) 0x30; • elif defined(__i386__) • ifndef __SEG_FS • error unsupported GCC version • endif return *(void *__seg_fs *) 0x18; • else • error unsupported architecture • endif } // Microsoft C __declspec(naked) void *getTIB() { __asm mov EAX, FS:[18h] __asm ret } // Using Microsoft's intrinsics instead of inline assembly (works for both X86 and X64 architectures) void *getTIB() { • ifdef _M_IX86 return (void *)__readfsdword(0x18); • elif _M_AMD64 return (void *)__readgsqword(0x30); • else • error unsupported architecture • endif } ==See also==