On Mon, Feb 13, 2017 at 10:41 AM, Sebastian Lackner sebastian@fds-team.de wrote:
Adding those fields should work, but it is a bit dangerous because we only have limited space. I would suggest adding asserts to ensure we never make this struct too big. Something like this should work:
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + sizeof(struct ntdll_thread_data) <= FIELD_OFFSET(TEB, GdiTebBatch) + sizeof(((TEB *)0)->GdiTebBatch) );
Is the following acceptable:
C_ASSERT( sizeof(struct ntdll_thread_data) <= FIELD_OFFSET(TEB, gdiRgn) - FIELD_OFFSET(TEB, SpareBytes1) );
It should be equivalent, but it is shorter and has fewer parentheses.
Probably we should also use it for important i386 fields, to ensure they are not moved.
#ifdef __i386__
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, vm86) == FIELD_OFFSET(TEB, GdiTebBatch) );
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, vm86) == 0x1fc );
C_ASSERT( FIELD_OFFSET(TEB, SpareBytes1) + FIELD_OFFSET(struct ntdll_thread_data, gs) == 0x1d8 );
#endif
Looks good to me. I'll add that to the patch.
-Andrew
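The pattern discussed in this thread, carving a private struct out of a reserved region of a fixed-layout structure and guarding it with compile-time assertions, shown as an added, self-contained example that is not Wine's code. The `mock_teb` and `thread_data` layouts below are constructed for illustration (they are not the real TEB or ntdll_thread_data), `C_ASSERT` is defined here via C11 `_Static_assert` rather than Wine's own macro, and the expected offset 12 is a property of this mock layout only. It shows both assertion forms from the thread (offset-plus-size versus distance to the next field), why they are only equivalent when no padding separates `GdiTebBatch` from `gdiRgn`, and the fixed-offset style of check used for ABI-sensitive fields.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Compile-time assertion in the spirit of Wine's C_ASSERT (assumption: this
 * example uses C11 _Static_assert instead of Wine's negative-array trick). */
#define C_ASSERT(e) _Static_assert((e), #e)
#define FIELD_OFFSET(type, field) offsetof(type, field)

/* Constructed stand-in for a fixed-layout thread block: SpareBytes1 is the
 * reserved region private data may live in, GdiTebBatch must never be
 * overlapped, and gdiRgn is the first field after it. */
struct mock_teb {
    uint32_t header[3];        /* unrelated fields before the spare area */
    uint8_t  SpareBytes1[24];  /* reserved region private data is carved from */
    uint32_t GdiTebBatch[4];   /* must stay untouched */
    uint32_t gdiRgn;           /* first field after GdiTebBatch */
};

/* Constructed private per-thread data stored inside SpareBytes1. */
struct thread_data {
    void *debug_info;   /* hypothetical field */
    void *pthread_id;   /* hypothetical field */
    int   wait_fd[2];   /* hypothetical field */
};

/* Form 1 (offset of the last usable field plus its size). */
C_ASSERT( FIELD_OFFSET(struct mock_teb, SpareBytes1) + sizeof(struct thread_data)
          <= FIELD_OFFSET(struct mock_teb, GdiTebBatch)
             + sizeof(((struct mock_teb *)0)->GdiTebBatch) );

/* Form 2 (distance from the spare area to the next field). Equivalent to
 * form 1 only if gdiRgn immediately follows GdiTebBatch with no padding. */
C_ASSERT( sizeof(struct thread_data)
          <= FIELD_OFFSET(struct mock_teb, gdiRgn) - FIELD_OFFSET(struct mock_teb, SpareBytes1) );

/* The padding assumption itself, stated explicitly so a layout change breaks the build. */
C_ASSERT( FIELD_OFFSET(struct mock_teb, GdiTebBatch) + sizeof(((struct mock_teb *)0)->GdiTebBatch)
          == FIELD_OFFSET(struct mock_teb, gdiRgn) );

/* Fixed-offset check for a field whose absolute position must not move
 * (constructed value 12 for this mock layout; a real ABI would pin real offsets). */
C_ASSERT( FIELD_OFFSET(struct mock_teb, SpareBytes1) + FIELD_OFFSET(struct thread_data, debug_info) == 12 );

/* Runtime views of the same quantities, so the relationship can be inspected. */
size_t spare_region_size(void)
{
    return FIELD_OFFSET(struct mock_teb, gdiRgn) - FIELD_OFFSET(struct mock_teb, SpareBytes1);
}

size_t thread_data_size(void)
{
    return sizeof(struct thread_data);
}

/* Returns 1 if the two assertion forms measure the same region (no padding). */
int layouts_agree(void)
{
    return FIELD_OFFSET(struct mock_teb, GdiTebBatch) + sizeof(((struct mock_teb *)0)->GdiTebBatch)
           == FIELD_OFFSET(struct mock_teb, gdiRgn);
}

/* Bytes left in the region after thread_data; 0 means the next field added breaks the build. */
size_t spare_slack(void)
{
    return spare_region_size() - thread_data_size();
}

int main(void)
{
    printf("region=%zu bytes, thread_data=%zu bytes, slack=%zu, forms agree=%d\n",
           spare_region_size(), thread_data_size(), spare_slack(), layouts_agree());
    return 0;
}
```

The third `C_ASSERT` is the one worth keeping alongside the shorter form: the `gdiRgn - SpareBytes1` version silently counts any padding inserted before `gdiRgn` as usable space, so pinning the "no padding" assumption separately keeps the short form honest.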