22 Aug
2006
22 Aug
'06
5:24 a.m.
Monday, August 21, 2006, 8:45:02 PM, Juan Lang wrote:
Hi folks, I'm trying to debug an access (by native userenv.dll in my case, but also by MS Money 2006) to address 0x7ffe02c0. This is my understanding so far:
The TEB is at 0x7ffe0000, so, according to winternl.h, offset 0x02c0 within it is in the middle of GDI_TEB_BATCH. That doesn't make any sense to me.
0x7ffe0000 is KSHARED_USER_DATA and 0x2c0 is (not even sure how to get what is at this offset). You can see it's declaration in include/ddk/wdm.h
Vitaliy.