User Mode 32bit
0:000> dt nt!_TEB.Stack*
ntdll!_TEB
+0x000 NtTib :
+0x004 StackBase : Ptr Void
+0x008 StackLimit : Ptr Void
User Mode 64bit
0:000> dt nt!_TEB NtTib.Stack*
ntdll!_TEB
+0x000 NtTib :
+0x008 StackBase : Ptr64 Void
+0x010 StackLimit : Ptr64 Void
Kernel Mode 32bit
0:000> dt nt!_KTHREAD Stack*
ntdll!_KTHREAD
+0x01c StackLimit : Ptr Void (NT v5.0 - Windows 2000)
+0x01c StackLimit : Ptr Void (NT v5.1 - Windows XP SP3)
+0x01c StackLimit : Ptr Void (NT v5.2 - Windows 2003 SP2)
+0x02c StackLimit : Ptr Void (NT v6.0 - Windows Vista/2008)
+0x02c StackLimit : Ptr Void (NT v6.1 - Windows 7/2008R2)
+0x15c StackBase : Ptr Void (NT v5.0 - Windows 2000)
+0x15c StackBase : Ptr Void (NT v5.1 - Windows XP SP3)
+0x158 StackBase : Ptr Void (NT v5.2 - Windows 2003 SP2)
+0x174 StackBase : Ptr Void (NT v6.0 - Windows Vista/2008)
+0x194 StackBase : Ptr Void (NT v6.1 - Windows 7/2008R2)
Kernel Mode 64bit
0:000> dt nt!_KTHREAD Stack*
ntdll!_KTHREAD
+0x??? StackLimit : Ptr64 Void(NT v5.1 - Windows XP SP3)
+0x??? StackLimit : Ptr64 Void(NT v5.2 - Windows 2003 SP2)
+0x030 StackLimit : Ptr64 Void(NT v6.0 - Windows Vista/2008)
+0x030 StackLimit : Ptr64 Void(NT v6.1 - Windows 7/2008R2)
+0x??? StackBase : Ptr64 Void(NT v5.1 - Windows XP SP3)
+0x??? StackBase : Ptr64 Void(NT v5.2 - Windows 2003 SP2)
+0x250 StackBase : Ptr64 Void(NT v6.0 - Windows Vista/2008)
+0x278 StackBase : Ptr64 Void(NT v6.1 - Windows 7/2008R2)
WinDbg里查找线程栈的StackBase 和 StackLimit 的硬偏移
原文:https://www.cnblogs.com/yilang/p/12524012.html