Monday, September 8, 2008

Win32 TIB (Thread Information Block)

Win32 TIB (Thread Information Block) is a data structure in Win32 on x86 that stores information about the currently running thread.

If you have a Process Explorer type application, you can use TIB instead of using APIs to get the thread and process information. 

The TIB can be used to get a lot of information about the process without calling the Win32 API. Examples include emulating GetLastError() and GetVersion(). Through the pointer to the PEB, one can obtain access to the import tables (IAT), process startup arguments, image name, etc.

 How to Access TIB 

The TIB can be accessed as an offset of segment register FS. FS is the data selector to the TIB for the first thread.

FS maps to a TIB which is embedded in a data block known as the TDB (thread data base). The TIB contains the thread-specific exception handling chain and a pointer to the TLS (thread local storage). The thread local storage is not the same as C local storage.

 TIB Contents: 

| Position | Windows Ver. | Description |
|---|---|---|
| FS:[0x00] | Win9x and NT | |
| FS:[0x04] | Win9x and NT | Top of stack |
| FS:[0x08] | Win9x and NT | Current bottom of stack |
| FS:[0x10] | NT | |
| FS:[0x14] | Win9x and NT | Arbitrary data slot |
| FS:[0x18] | Win9x and NT | Linear address of TIB |
| FS:[0x1C] | NT | Environment Pointer |
| FS:[0x20] | NT | Process ID |
| FS:[0x24] | NT | Current thread ID |
| FS:[0x28] | NT | Active RPC Handle |
| FS:[0x2C] | Win9x and NT | Linear address of the TLS array |
| FS:[0x30] | NT | Linear address of PEB |
| FS:[0x34] | NT | Last error number |
| FS:[0x38] | NT | Count of owned critical sections |
| FS:[0x3C] | NT | Address of CSR Client Thread |
| FS:[0x40] | NT | Win32 Thread Information |
| FS:[0x44] | NT, Wine | Win32 client information (NT), user32 private data (Wine), 0x60 = LastError (Win95), 0x74 = LastError (WinME) |
| FS:[0xC0] | NT | Reserved for Wow32 |
| FS:[0xC4] | NT | Current Locale |
| FS:[0xC8] | NT | FP Software Status Register |
| FS:[0xCC] | NT, Wine | Reserved for OS (NT), kernel32 private data (Wine) |
| FS:[0x124] | NT | Pointer to KTHREAD (ETHREAD) structure |
| FS:[0x1A4] | NT | Exception code |
| FS:[0x1A8] | NT | Activation context stack |
| FS:[0x1BC] | NT, Wine | Spare bytes (NT), ntdll private data (Wine) |
| FS:[0x1D4] | NT, Wine | Reserved for OS (NT), ntdll private data (Wine) |
| FS:[0x1FC] | NT, Wine | GDI TEB Batch (OS), vm86 private data (Wine) |
| FS:[0x6DC] | NT | GDI Region |
| FS:[0x6E0] | NT | GDI Pen |
| FS:[0x6E4] | NT | GDI Brush |
| FS:[0x6E8] | NT | Real Process ID |
| FS:[0x6EC] | NT | Real Thread ID |
| FS:[0x6F0] | NT | GDI cached process handle |
| FS:[0x6F4] | NT | GDI client process ID (PID) |
| FS:[0x6F8] | NT | GDI client thread ID (TID) |
| FS:[0x6FC] | NT | GDI thread locale information |
| FS:[0x700] | NT | Reserved for user application |
| FS:[0x714] | NT | Reserved for GL |
| FS:[0xBF4] | NT | Last Status Value |
| FS:[0xBF8] | NT | Reserved for advapi32 |
| FS:[0xE0C] | NT | Pointer to deallocation stack |
| FS:[0xE10] | NT | TLS slots, 4 byte per slot |
| FS:[0xF10] | NT | TLS links (LIST_ENTRY structure) |
| FS:[0xF18] | NT | VDM |
| FS:[0xF1C] | NT | Reserved for RPC |

Sample Code:

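// MSVC inline assembly; builds for 32-bit x86 only.
void *pTIB;

__asm
{
    mov EAX, FS:[20h]   // read the Process ID field of the TIB
    mov [pTIB], EAX     // store it in the local variable
}

// pTIB now holds the current process ID (the value at FS:[0x20]), not the address of the TIB itself.

EAX is a CPU register (the accumulator register).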
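Code that reads TIB fields directly, as in the sample above, compiles to FS-prefixed loads, and that is the pattern to look for when reviewing a binary that avoids the Win32 API. The following C scanner is an added example, not part of the original post: it finds two common encodings of such loads in 32-bit code and labels the offset using a few rows of the table above. The names `scan_fs_reads`, `tib_hit` and the `SAMPLE` bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A few rows of the table above (NT column); extend as needed. */
static const struct { uint32_t off; const char *name; } TIB_FIELDS[] = {
    {0x18, "Linear address of TIB"}, {0x20, "Process ID"},
    {0x24, "Current thread ID"},     {0x30, "Linear address of PEB"},
    {0x34, "Last error number"},
};

struct tib_hit { size_t pos; uint32_t off; const char *name; };

static const char *tib_name(uint32_t off) {
    for (size_t i = 0; i < sizeof TIB_FIELDS / sizeof TIB_FIELDS[0]; i++)
        if (TIB_FIELDS[i].off == off) return TIB_FIELDS[i].name;
    return "offset not in the short table";
}

/* Linear sweep over 32-bit x86 code for two encodings of an FS-relative load:
 *   64 A1 <disp32>          mov eax, fs:[disp32]
 *   64 8B <modrm> <disp32>  mov r32, fs:[disp32]   (modrm: mod=00, rm=101)
 * It does not track instruction boundaries, so a hit inside data or an
 * immediate is possible; confirm hits in a disassembler.
 * Returns the number of hits stored in out[] (at most max). */
size_t scan_fs_reads(const uint8_t *code, size_t len, struct tib_hit *out, size_t max) {
    size_t n = 0;
    for (size_t i = 0; i + 6 <= len && n < max; i++) {
        size_t d;                                   /* index of disp32 */
        if (code[i] != 0x64) continue;              /* FS segment override */
        if (code[i + 1] == 0xA1) d = i + 2;
        else if (code[i + 1] == 0x8B && i + 7 <= len &&
                 (code[i + 2] & 0xC7) == 0x05) d = i + 3;
        else continue;
        uint32_t off = (uint32_t)code[d] | (uint32_t)code[d + 1] << 8 |
                       (uint32_t)code[d + 2] << 16 | (uint32_t)code[d + 3] << 24;
        out[n++] = (struct tib_hit){ i, off, tib_name(off) };
    }
    return n;
}

/* Constructed sample: mov eax,fs:[20h] / nop / mov ecx,fs:[30h] / ret */
static const uint8_t SAMPLE[] = { 0x64, 0xA1, 0x20, 0, 0, 0, 0x90,
                                  0x64, 0x8B, 0x0D, 0x30, 0, 0, 0, 0xC3 };

int main(void) {
    struct tib_hit hits[8];
    size_t n = scan_fs_reads(SAMPLE, sizeof SAMPLE, hits, 8);
    for (size_t i = 0; i < n; i++)
        printf("+%zu: fs:[0x%X] %s\n", hits[i].pos, (unsigned)hits[i].off, hits[i].name);
    return 0;
}
```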

Cheers!!

Sunday, September 7, 2008

CMemoryState - Detects memory leaks in your program

A memory leak occurs when memory for an object is allocated on the heap but not deallocated when it is no longer required. Such memory leaks can lead to out-of-memory errors. CMemoryState provides an excellent way to detect memory leaks in your program.

The CMemoryState diagnostics only help to detect memory leaks caused when memory allocated using the new operator is not deallocated using delete.

CMemoryState will not address the leaks caused by malloc, LocalAlloc and GlobalAlloc.

How to Use: 

// Requires MFC (<afx.h>) and a debug build; CMemoryState diagnostics are not available in release builds.
CMemoryState oldMemState, newMemState, diffMemState;
oldMemState.Checkpoint();
/* Obtains a snapshot or "checkpoint" of the current memory state. */

/* memory allocation activities go on here */

newMemState.Checkpoint();
if (diffMemState.Difference(oldMemState, newMemState))
{
    TRACE("Memory leak detected!\n");
    /* Dump from the first checkpoint; a CMemoryState that was never
       checkpointed would dump every object currently allocated. */
    oldMemState.DumpAllObjectsSince();
}
/* Difference() - Computes the difference between two objects of type CMemoryState. */
/* DumpAllObjectsSince() - Dumps a summary of all currently allocated objects since a previous checkpoint. */

cheers!

Sunday, July 20, 2008

TI [Texas Instruments] Newsletter - July 2008

Industrial

TMS320C2000(tm) Digital Power Experimenter's Kit (DPEK)

The DPEK is ideal for those new to software based power management by providing a two channel DC/DC development mother board with on board multi-meter, TI PowerTrain(tm) modules for parametric and status information to the controller along with a removable TMS320F2808 based controlCARD. Available today for $229 and includes free application software and hardware details.

Flash to RAM app report

Medical, motion control and motor control applications often have time-critical constraints such as code execution speed, making the TMS320F28xxx DSC popular because of its internal flash memory. However, wait states are required to access the flash. This application report, "Copying Compiler Sections from Flash to RAM on the TMS320F28xxx DSCs," provides instructions on copying initialized compiler sections (.text, .cinit, .econst, .switch) from the flash to RAM at run time, boosting code execution from as many as 15 wait states to 0 wait states. Download this application report today.

DaVinci(tm) technology-based "Crittercam"

At TIDC 2008, Corey Jaskolski, director of engineering at the National Geographic Society, demonstrated the Crittercam, a small camera mounted on animals to learn more about their behavior. The current Crittercam includes an off the shelf DVR with the next-generation HD version employing the TMS320DM355 digital media processor. See the Crittercam in action on humpback whales, great white sharks and Juan Fernandez fur seals; watch the video today.

TVP7002 industrial temperature samples now available

The TVP70025I adds a 10-bit maximum sample rate of 95 MSPS at the full temperature range for 1080i video and WXGA (60 Hz) graphics. This I-temp version of the TVP7002, a triple 8-/10-bit, 165-/110-MSPS video and graphics digitizer, is sampling now; contact your local field representative.

Automotive

Buck-Boost Converters Handle Cold Cranking in Automotive Electronics

From cold crank to load dump, buck-boost converters provide stable, steady supply voltages within the auto battery voltage range. This article highlights potential solutions that design engineers can use to deal with the challenges of the wide 12-V board-net voltage range.

Consumer Electronics

The OMAP35x EVM is now available

The modular, extensible OMAP35x evaluation module (EVM) provides all the components you need, with an OMAP3503 Linux board support package based on the 2.6.22 kernel, to develop on the OMAP3503 processor. Additionally, TI is encouraging you to share your source code and participate in the open-source community. Buy the OMAP35x EVM today.

Hands Free Kit

TMS320DM355 DaVinci(tm) processor

The DM355 DaVinci technology-based digital media processor is loaded with information to enhance portable HD applications that require low power, including digital cameras, IP network cameras and digital photo frames. The DM355 offers twice the battery life of typical portable HD systems, reduces by 50 percent the cost of today's product prices and provides MPEG-4/JPEG functionality. Begin comparing specs and view the product tree on this Web site.

Controller Area Network - CAN Basics

Controller Area Network (CAN) was initially created by German automotive system supplier Robert Bosch in the mid-1980s for automotive applications as a method for enabling robust serial communication. The goal was to make automobiles more reliable, safe and fuel-efficient while decreasing wiring harness weight and complexity. Since its inception, the CAN protocol has gained widespread popularity in industrial automation and automotive/truck applications. Other markets where networked solutions can bring attractive benefits, like medical equipment, test equipment and mobile machines, are also starting to utilize the benefits of CAN.


CAN OVERVIEW :
Most network applications follow a layered approach to system implementation. This systematic approach enables interoperability between products from different manufacturers. A standard was created by the International Standards Organization (ISO) as a template to follow for this layered approach. It is called the ISO Open Systems Interconnection (OSI) Network Layering Reference Model.

CAN PROTOCOL BASICS :
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
The CAN communication protocol is a CSMA/CD protocol. The CSMA stands for Carrier Sense Multiple Access. What this means is that every node on the network must monitor the bus for a period of no activity before trying to send a message on the bus (Carrier Sense). Also, once this period of no activity occurs, every node on the bus has an equal opportunity to transmit a message (Multiple Access). The CD stands for Collision Detection. If two nodes on the network start transmitting at the same time, the nodes will detect the ‘collision’ and take the appropriate action. In the CAN protocol, a nondestructive bitwise arbitration method is utilized. This means that messages remain intact after arbitration is completed even if collisions are detected. All of this arbitration takes place without corruption or delay of the higher priority message.
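The nondestructive bitwise arbitration described above, as an added C simulation that is not part of the original post. It goes slightly beyond the text by assuming standard 11-bit identifiers sent most-significant bit first and a wired-AND bus on which 0 is the dominant level; the function name and sample identifiers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ID_BITS   11   /* assumption: standard 11-bit identifiers */
#define MAX_NODES 16

/* Simulate arbitration between nodes that start transmitting together.
 * ids[i] is the identifier node i sends, MSB first. The bus is a wired-AND:
 * a 0 (dominant) from any node overrides a 1 (recessive) from the others.
 * Returns the index of the winning node (lowest index if identifiers tie),
 * or -1 on bad input; *on_bus receives the identifier seen on the wire. */
int can_arbitrate(const uint16_t *ids, size_t n, uint16_t *on_bus) {
    uint8_t active[MAX_NODES];
    uint16_t seen = 0;
    if (n == 0 || n > MAX_NODES) return -1;
    for (size_t i = 0; i < n; i++) active[i] = 1;

    for (int bit = ID_BITS - 1; bit >= 0; bit--) {
        unsigned bus = 1;                       /* idle level is recessive */
        for (size_t i = 0; i < n; i++)
            if (active[i]) bus &= (ids[i] >> bit) & 1u;
        for (size_t i = 0; i < n; i++)          /* sent 1 but read 0: stop sending */
            if (active[i] && ((ids[i] >> bit) & 1u) != bus) active[i] = 0;
        seen = (uint16_t)((seen << 1) | bus);
    }
    if (on_bus) *on_bus = seen;
    for (size_t i = 0; i < n; i++)
        if (active[i]) return (int)i;
    return -1;
}

int main(void) {
    const uint16_t ids[] = { 0x65A, 0x123, 0x124, 0x7FF };  /* constructed IDs */
    uint16_t on_bus;
    int w = can_arbitrate(ids, 4, &on_bus);
    printf("winner: node %d, identifier on bus: 0x%03X\n", w, (unsigned)on_bus);
    return 0;
}
```

The identifier read back from the bus equals the winner's identifier bit for bit, which is what "messages remain intact" means in practice: the losing nodes stop sending and retry later, and the winning frame is never corrupted.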

TUSB3410 - Serial to USB Converter

The TUSB3410 [TI] is a USB to UART converter based on the common Intel 8052 microcontroller. The chip includes 10KB of ROM preloaded with TI bootcode, 256 bytes of general purpose RAM, 16KB of RAM for loading custom firmware from the I2C bus, and 2KB of RAM for data buffers and memory mapped registers. Four pins from port 3 of the 8052 microcontroller are brought out to pins for general purpose input/output ports. Texas Instruments also includes VCP (virtual COM port) software for Windows with the package to allow the serial device to integrate seamlessly into Windows.

Texas Instruments Virtual COM Port (VCP) Driver/Firmware in conjunction with the TUSB3410 device provides a simple turnkey software solution for USB-to-serial bridge applications. The TUSB3410 can be used to implement flexible full-speed USB-to-serial bridging applications, including USB/RS232, USB/RS485, USB/IrDA, and others.

The free downloadable TUSBWINVCP software package provides a Windows WDF driver and TUSB3410 (or TUSB5052) application firmware for Windows XP and Windows Vista environments. The TUSBWINVCP software package along with the TUSB3410UARTPDK hardware tool will enable rapid evaluation of the TUSB3410 as a USB-to-RS-232 Bridge.

Real Time Clock - 8051

$MOD51
HOURS EQU 07Ch ;Our HOURS variable
MINUTES EQU 07Dh ;Our MINUTES variable
SECONDS EQU 07Eh ;Our SECONDS variable
TICKS EQU 07Fh ;Our 20th-of-a-second countdown timer
CRYSTAL EQU 11059000 ;The crystal speed
TMRCYCLE EQU 12 ;The number of crystal cycles per timer increment
TMR_SEC EQU CRYSTAL/TMRCYCLE ;The number of timer increments per second (921583)
F20TH_OF_SECOND EQU TMR_SEC/20 ;Timer increments in .05 sec (921583*.05 = 46079); .05 * 20 = 1 sec
RESET_VALUE EQU 65536-F20TH_OF_SECOND ;The timer overflows at 65536, so initialize it with 65536-46079 for a .05 sec period


ORG 0000h ;Start assembly at 0000h
LJMP MAIN ;Jump to the main routine

ORG 001Bh ;This is where Timer 1 Interrupt Routine starts
PUSH ACC ;We'll use the accumulator, so we need to protect it
PUSH PSW ;Protect PSW flags
CLR TR1 ;Turn off timer 1 as we reset the value
MOV TH1,#HIGH RESET_VALUE ;Set the high byte of the reset value
MOV TL1,#LOW RESET_VALUE ;Set the low byte of the reset value
SETB TR1 ;Restart timer 1 now that it has been initialized
DJNZ TICKS,EXIT_RTC ;Decrement TICKS, if not yet zero we exit immediately
MOV TICKS,#20 ;Reset the ticks variable
INC SECONDS ;Increment the seconds variable
MOV A,SECONDS ;Move the seconds variable into the accumulator
CJNE A,#60,EXIT_RTC ;If we haven't counted 60 seconds, we're done.
MOV SECONDS,#0 ;Reset the seconds variable
INC MINUTES ;Increment the number of minutes
MOV A,MINUTES ;Move the minutes variable into the accumulator
CJNE A,#60,EXIT_RTC ;If we haven't counted 60 minutes, we're done
MOV MINUTES,#0 ;Reset the minutes variable
INC HOURS ;Increment the hour variable
EXIT_RTC:
POP PSW ;Restore the PSW register
POP ACC ;Restore the accumulator
RETI ;Exit the interrupt routine

; write display function here

MAIN:
MOV TH1,#HIGH RESET_VALUE ;Initialize timer high-byte
MOV TL1,#LOW RESET_VALUE ;Initialize timer low-byte
MOV TMOD,#10h ;Set timer 1 to 16-bit mode
SETB TR1 ;Start timer 1 running
MOV HOURS,#00 ;Initialize to 0 hours
MOV MINUTES,#00 ;Initialize to 0 minutes
MOV SECONDS,#00 ;Initialize to 0 seconds
MOV TICKS,#20 ;Initialize countdown tick counter to 20
SETB EA ;Enable interrupts globally
SETB ET1 ;Enable the Timer 1 interrupt
SJMP $ ;Idle here; the Timer 1 interrupt keeps the clock running
END

8 Bit LCD Control Using 8051

;8-bit LCD routines that check the busy flag before sending data or a command to the LCD
;*************************************************************
LCD DATA P1 ;define LCD data port on port 1
BUSY BIT LCD.7 ;define LCD busy flag
E BIT P2.2 ;define LCD enable pin on port 2.2
RS BIT P2.0 ;define LCD register select pin on port 2.0
RW BIT P2.1 ;define LCD read/write pin on port 2.1
;*************************************************************
ORG 00H

LCD_INIT:
MOV A,#38H ;2 line 5x7
ACALL COMMAND
MOV A,#0CH ;display on, cursor off
ACALL COMMAND
MOV A,#01H ;clear LCD
ACALL COMMAND
MOV A,#06H ;shift cursor right
ACALL COMMAND
DISPLAY:MOV A,#81H ;cursor to line 1, position 1
ACALL COMMAND
MOV DPTR,#TEST
ACALL DISP_STRING
MOV A,#0C1H ;cursor to line 2, position 1
ACALL COMMAND
MOV DPTR,#TEST+0EH ;second string starts 14 bytes after the first
ACALL DISP_STRING
HERE: SJMP HERE
;=============================================================
COMMAND:
ACALL READY ;is LCD ready?
MOV LCD,A ;issue command code
CLR RS ;RS=0 for command
CLR RW ;R/W=0 to write to LCD
SETB E ;E=1 for H-to-L pulse
CLR E ;E=0, latch in
RET
;=============================================================
DATA_DISPLAY:
ACALL READY ;is LCD ready?
MOV LCD,A ;issue data
SETB RS ;RS=1 for data
CLR RW ;R/W=0 to write to LCD
SETB E ;E=1 for H-to-L pulse
CLR E ;E=0, latch in
RET
;=============================================================
READY:
SETB BUSY ;make P1.7 input port
CLR RS ;RS=0 access command reg
SETB RW ;R/W=1 read command reg
;read command reg and check busy flag
BACK:
CLR E ;E=0
SETB E ;E=1, L-to-H pulse so the LCD drives the busy flag
JB BUSY,BACK ;stay until busy flag=0
RET
;=========================================================
DISP_STRING:
CLR A ;A=0
MOV R7,#00H ;R7=0
NEXT_CHAR:
INC R7 ;R7+1
MOVC A,@A+DPTR ;fetch the character at index A
ACALL DATA_DISPLAY
MOV A,R7 ;index of the next character
CJNE R7,#0EH,NEXT_CHAR ;repeat until 14 characters are sent
RET
;=============================================================
TEST: DB "8-Bit LCD Test","By 80C51 MCU's"
END