On 13.02.2017 23:00, Andrew Wesie wrote:
On Mon, Feb 13, 2017 at 10:41 AM, Sebastian Lackner sebastian@fds-team.de wrote:
Adding those fields should work, but it is a bit dangerous because we only have limited space. I would suggest adding asserts to ensure we never make this struct too big. Something like this should work:
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + sizeof(struct ntdll_thread_data) <= FIELD_OFFSET(TEB, GdiTebBatch) + sizeof(((TEB *)0)->GdiTebBatch) );
Is the following acceptable:
C_ASSERT( sizeof(struct ntdll_thread_data) <= FIELD_OFFSET(TEB, gdiRgn) - FIELD_OFFSET(TEB, SpareBytes1) );
It should be equivalent, but it is shorter and has fewer parentheses.
Yes, that should also be fine.
Probably we should also use it for important i386 fields, to ensure they are not moved.
#ifdef __i386__
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, vm86) == FIELD_OFFSET(TEB, GdiTebBatch) );
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, vm86) == 0x1fc );
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, gs) == 0x1d8 );
#endif
Looks good to me. I'll add that to the patch.
-Andrew
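Added example, not code from this thread or from Wine: the two kinds of check discussed above (the fit check against the field after the reserved window, and the fixed-offset checks for fields that hand-written assembly addresses directly) in a self-contained C file. It uses a constructed TEB-like struct whose sizes and offsets are made up for the example (Wine's real layout and the 0x1d8/0x1fc constants are not reproduced), a Wine-style C_ASSERT that fails the build through a negative array bound, and a runtime read-back that shows what the fixed-offset assert protects.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Wine-style compile-time assert: a negative array bound fails the build. */
#define C_ASSERT(e) extern void __C_ASSERT__(int [(e) ? 1 : -1])
#define FIELD_OFFSET(type, field) ((long)offsetof(type, field))

/* Constructed stand-in for the TEB window the thread discusses; sizes and
 * offsets are made up for this example and are not Wine's real layout. */
struct fake_teb
{
    uint8_t  header[0x1bc];      /* everything before SpareBytes1 */
    uint8_t  SpareBytes1[24];    /* 0x1bc: private ntdll data starts here */
    uint8_t  GdiTebBatch[0x4e0]; /* 0x1d4: reserved, overlaid by thread data */
    uint32_t gdiRgn;             /* 0x6b4: first field that must stay intact */
};

/* Constructed stand-in for struct ntdll_thread_data (gs at 44, vm86 at 48). */
struct thread_data
{
    uint32_t debug_info, request_fd, reply_fd, wait_fd[2];
    uint32_t dr0, dr1, dr2, dr3, dr6, dr7;
    uint32_t gs, vm86;           /* gs is read by assembly at a fixed TEB offset */
};

/* Fit check from the thread: the private struct must end before gdiRgn. */
C_ASSERT( sizeof(struct thread_data) <=
          FIELD_OFFSET(struct fake_teb, gdiRgn) - FIELD_OFFSET(struct fake_teb, SpareBytes1) );
/* Fixed-offset checks: the constants are what assembly stubs would hardcode. */
C_ASSERT( FIELD_OFFSET(struct fake_teb, SpareBytes1) + FIELD_OFFSET(struct thread_data, gs) == 0x1e8 );
C_ASSERT( FIELD_OFFSET(struct fake_teb, SpareBytes1) + FIELD_OFFSET(struct thread_data, vm86) == 0x1ec );

/* Bytes the private struct may still grow before the fit check fails. */
long thread_data_slack(void)
{
    return FIELD_OFFSET(struct fake_teb, gdiRgn) - FIELD_OFFSET(struct fake_teb, SpareBytes1)
           - (long)sizeof(struct thread_data);
}

/* Runtime cross-check: store gs through the struct view of SpareBytes1, then
 * read it back at the raw byte offset the C_ASSERT above pins down. */
uint32_t gs_seen_at_fixed_offset(void)
{
    struct fake_teb teb;
    struct thread_data *data = (struct thread_data *)teb.SpareBytes1;
    uint32_t value;
    memset(&teb, 0, sizeof(teb));
    data->gs = 0x2b;             /* constructed selector value */
    memcpy(&value, (uint8_t *)&teb + 0x1e8, sizeof(value));
    return value;
}
```

Adding a field to struct thread_data in front of gs makes the 0x1e8 assert fail at compile time, which is exactly the mistake the thread's i386 asserts are there to catch.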