0:004> !teb
TEB at 7ffda000
......
0:004> dt TEB 7ffda000 ReservedForOle
ntdll!TEB
+0xf80 ReservedForOle : 0x001ff650
0:004> dt SOleTlsData 0x001ff650
ole32!SOleTlsData
......+0x030 pObjServer : (null)
+0x034 dwTIDCaller : 0
+0x038 pCurrentCtx : 0x001cb7a8 CObjectContext
+0x03c pEmptyCtx : (null)
......+0x080 LogicalThreadId : _GUID {6cb93bfd-eb78-4a9d-8537-91de9ea8b38f}
+0x090 hThread : 0x0000019c
+0x094 hRevert : (null)
......+0x108 incomingCallData : tagIncomingCallData
+0x10c outgoingActivationData : tagOutgoingActivationData
0:004> dt CObjectContext 0x001cb7a8
ole32!CObjectContext
......+0x040 _MarshalSizeMax : 0
+0x044 _pApartment : 0x001ec908 CComApartment
+0x048 _dwHashOfId : 6
......
0:004> dt -r2 CObjectContext 0x001cb7a8
ole32!CObjectContext
......+0x008 _dwState : 3
+0x00c _AptKind : 2 ( APTKIND_MULTITHREADED )
+0x010 _AptId : 0
......
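Now let's put these steps into a single command. It follows the same pointer chain as above (TEB.ReservedForOle -> SOleTlsData.pCurrentCtx -> CObjectContext._pApartment) and takes each field offset from symbols with #FIELD_OFFSET instead of hard-coding the values shown in the dumps. The TEB type resolved as ntdll!TEB in the session above, so use that module name if kernel32!TEB does not resolve:
dt ole32!CComApartment poi(@@C++(#FIELD_OFFSET(ole32!CObjectContext,_pApartment))+poi(poi($thread+@@C++(#FIELD_OFFSET(kernel32!TEB, ReservedForOle)))+@@C++(#FIELD_OFFSET(ole32!SOleTlsData,pCurrentCtx))))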