On Mon, Feb 13, 2017 at 10:41 AM, Sebastian Lackner <sebastian(a)fds-team.de> wrote:
Adding those fields should work, but it is a bit dangerous because we only have limited space. I would suggest adding asserts to ensure we never make this struct too big. Something like this should work:
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + sizeof(struct ntdll_thread_data) <= FIELD_OFFSET(TEB, GdiTebBatch) + sizeof(((TEB *)0)->GdiTebBatch) );
Is the following acceptable:

C_ASSERT( sizeof(struct ntdll_thread_data) <= FIELD_OFFSET(TEB, gdiRgn) - FIELD_OFFSET(TEB, SpareBytes1) );

It should be equivalent, but it is shorter and has fewer parentheses.
Probably we should also use it for important i386 fields, to ensure they are not moved.
#ifdef __i386__
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, vm86) == FIELD_OFFSET(TEB, GdiTebBatch) );
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, vm86) == 0x1fc );
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, gs) == 0x1d8 );
#endif
Looks good to me. I'll add that to the patch.

-Andrew
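The kind of compile-time layout guard discussed in the thread, as an added stand-alone example that is not part of the exchange or of Wine's code: a hypothetical fixed-layout struct (teb_like, with constructed offsets) has a reserved region that a private overlay struct (thread_data) is placed on, and C11 _Static_assert with offsetof stands in for C_ASSERT and FIELD_OFFSET. Both spellings of the size check appear, together with offset pins, so that adding or reordering a field fails the build instead of silently overrunning the next ABI field.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a fixed-layout ABI struct (hypothetical, not
 * Wine's real TEB). Two adjacent fields are reserved for private use;
 * gdiRgn is the first field that private data must never reach. */
typedef struct {
    uint32_t self;              /* 0x00 */
    uint32_t reserved[7];       /* 0x04 .. 0x1f */
    uint8_t  SpareBytes1[24];   /* 0x20: private per-thread data starts here */
    uint32_t GdiTebBatch[8];    /* 0x38: also available to private data */
    uint32_t gdiRgn;            /* 0x58: first ABI field after the region */
} teb_like;

/* Private data overlaid on the region. It currently fills it exactly;
 * adding one more field makes the first _Static_assert fail to compile. */
struct thread_data {
    uint32_t debug_info;        /* +0x00 */
    uint32_t fs;                /* +0x04 */
    uint32_t gs;                /* +0x08 -> absolute 0x28, pinned below */
    uint32_t pad[3];            /* +0x0c .. +0x17 */
    uint32_t vm86;              /* +0x18 -> absolute 0x38, pinned below */
    uint32_t extra[7];          /* +0x1c .. +0x37 */
};

/* Size check in both spellings from the thread: the short form (distance
 * to gdiRgn) and the long form (end of GdiTebBatch). Equal here because
 * gdiRgn directly follows GdiTebBatch with no padding. */
_Static_assert(sizeof(struct thread_data) <=
               offsetof(teb_like, gdiRgn) - offsetof(teb_like, SpareBytes1),
               "thread_data overruns the spare region into gdiRgn");
_Static_assert(offsetof(teb_like, SpareBytes1) + sizeof(struct thread_data) <=
               offsetof(teb_like, GdiTebBatch) + sizeof(((teb_like *)0)->GdiTebBatch),
               "thread_data overruns the end of GdiTebBatch");
/* Offset pins: growing or reordering an earlier field breaks the build
 * instead of silently moving what assembly or the ABI expects. */
_Static_assert(offsetof(teb_like, SpareBytes1) + offsetof(struct thread_data, vm86)
               == offsetof(teb_like, GdiTebBatch), "vm86 must start GdiTebBatch");
_Static_assert(offsetof(teb_like, SpareBytes1) + offsetof(struct thread_data, vm86)
               == 0x38, "vm86 moved from 0x38");
_Static_assert(offsetof(teb_like, SpareBytes1) + offsetof(struct thread_data, gs)
               == 0x28, "gs moved from 0x28");

/* Runtime view of the same numbers, so a test can confirm the arithmetic. */
size_t spare_capacity(void) { return offsetof(teb_like, gdiRgn) - offsetof(teb_like, SpareBytes1); }
size_t thread_data_size(void) { return sizeof(struct thread_data); }
size_t abs_offset_of_gs(void) { return offsetof(teb_like, SpareBytes1) + offsetof(struct thread_data, gs); }
size_t abs_offset_of_vm86(void) { return offsetof(teb_like, SpareBytes1) + offsetof(struct thread_data, vm86); }
```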