When running the `!pcr` command in Windbg, the `NT_TIB` structure shows zeros for `StackBase` and `StackLimit`. I am debugging drivers on Windows 7 x32 Ultimate using Windbg via COM port. OS is running on VMWare.
```
kd> !pcr
KPCR for Processor 0 at 8296ec00:
Major 1 Minor 1
NtTib.ExceptionList: 8296b0ac
NtTib.StackBase: 00000000
NtTib.StackLimit: 00000000
NtTib.SubSystemTib: 801db000
NtTib.Version: 000140f2
NtTib.UserPointer: 00000001
NtTib.SelfTib: 00000000
SelfPcr: 8296ec00
Prcb: 8296ed20
Irql: 0000001f
IRR: 00000000
IDR: ffffffff
InterruptMode: 00000000
IDT: 80b95400
GDT: 80b95000
TSS: 801db000
CurrentThread: 82978380
NextThread: 00000000
IdleThread: 82978380
DpcQueue:
```
Is it possible to get valid stack base and limit addresses on Win7 x32? I need to verify that the SEH Registration address is valid and is located between the system thread's stack base address and its limit address. In the link below you can see that it takes those values from FS registry, but in my case those values are zeros. Please correct me if I'm wrong about the meaning of `_stack_limit` and `_stack_base` in avakar's implementation.
As an alternative way to validate these addresses I use the `IoWithinStackLimits` function (msdn):
The IoWithinStackLimits routine determines whether a region of memory is within the stack limit of the current thread.
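
The check described in the question, written out as an added example that is not part of the original post: it walks an x86 exception registration chain and rejects any record that is outside the stack range, misaligned, or not at a higher address than the previous one. The stack bounds, the stack image, the second record's address, the handler value and all function names are constructed for illustration; only the head address `8296b0ac` is taken from the `!pcr` output above.

```c
#include <stdint.h>
#include <string.h>
#define CHAIN_END   0xFFFFFFFFu /* x86 end-of-chain value of the Next field */
#define MAX_RECORDS 64          /* constructed cap, stops cyclic chains */
#define LIMIT 0x8296A000u       /* constructed stack limit (lowest address) */
#define BASE  0x8296D000u       /* constructed stack base (one past the top) */

typedef struct { uint32_t next, handler; } reg_rec32; /* x86 record layout */
typedef enum { CHAIN_OK, OUT_OF_STACK, MISALIGNED, NOT_ASCENDING, TOO_LONG } chain_status;

/* The whole 8-byte record must lie in [limit, base) and be 4-byte aligned. */
static chain_status check_record(uint32_t addr, uint32_t limit, uint32_t base)
{
    if (addr < limit || addr >= base || base - addr < sizeof(reg_rec32))
        return OUT_OF_STACK;
    return (addr & 3u) ? MISALIGNED : CHAIN_OK;
}

/* img is a copy of the bytes in [limit, base); head is the ExceptionList value. */
chain_status validate_chain(const uint8_t *img, uint32_t limit, uint32_t base, uint32_t head)
{
    uint32_t addr = head, prev = 0;
    for (int i = 0; i < MAX_RECORDS; i++) {
        if (addr == CHAIN_END) return CHAIN_OK;
        chain_status s = check_record(addr, limit, base);
        if (s != CHAIN_OK) return s;
        /* The stack grows down, so each Next must point to a higher address. */
        if (i > 0 && addr <= prev) return NOT_ASCENDING;
        reg_rec32 rec;
        memcpy(&rec, img + (addr - limit), sizeof rec);
        prev = addr;
        addr = rec.next;
    }
    return TOO_LONG;
}

static uint8_t image[BASE - LIMIT]; /* constructed 12 KB stack image */

static void put(uint32_t addr, uint32_t next)
{
    reg_rec32 r = { next, 0x82800000u }; /* handler value is a placeholder */
    memcpy(image + (addr - LIMIT), &r, sizeof r);
}

/* Builds two records; the second record's Next field is chosen by the caller. */
chain_status demo(uint32_t second_next)
{
    memset(image, 0, sizeof image);
    put(0x8296B0ACu, 0x8296C010u);
    put(0x8296C010u, second_next);
    return validate_chain(image, LIMIT, BASE, 0x8296B0ACu);
}
```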