| Bytes Type | offset (32-bit, FS) | offset (64-bit, GS) | Windows Versions | Description |
| pointer | FS:[0x00] | GS:[0x00] | Win9x and NT | Current Structured Exception Handling (SEH) frame Note: the 64-bit version of Windows uses stack unwinding done in kernel mode instead. |
| pointer | FS:[0x08] | GS:[0x10] | Win9x and NT | Stack Limit / Ceiling of stack (low address) |
| pointer | FS:[0x0C] | GS:[0x18] | NT | SubSystemTib |
| pointer | FS:[0x10] | GS:[0x20] | NT | Fiber data |
| pointer | FS:[0x14] | GS:[0x28] | Win9x and NT | Arbitrary data slot |
| pointer | FS:[0x18] | GS:[0x30] | Win9x and NT | Linear address of TEB |
| End of NT subsystem independent part; below are Win32-dependent | ||||
| pointer | FS:[0x1C] | GS:[0x38] | NT | Environment Pointer |
| pointer | FS:[0x20] | GS:[0x40] | NT | Process ID (in some Windows distributions this field is used as 'DebugContext') |
| 4 | FS:[0x24] | GS:[0x48] | NT | Current thread ID |
| 4 | FS:[0x28] | GS:[0x50] | NT | Active RPC Handle |
| 4 | FS:[0x2C] | GS:[0x58] | Win9x and NT | Linear address of the thread-local storage array |
| 4 | FS:[0x30] | GS:[0x60] | NT | Linear address of Process Environment Block (PEB) Windows Memory Layout, User-Kernel Address Spaces |
| 4 | FS:[0x34] | GS:[0x68] | NT | Last error number |
| 4 | FS:[0x38] | GS:[0x6C] | NT | Count of owned critical sections |
| 4 | FS:[0x3C] | GS:[0x70] | NT | Address of CSR Client Thread |
| 4 | FS:[0x40] | GS:[0x78] | NT | Win32 Thread Information |
| 124 | FS:[0x44] | GS:[0x80] | NT, Wine | Win32 client information (NT), user32 private data (Wine), 0x60 = LastError (Win95&98), 0x74 = LastError (WinME) |
| 4 | FS:[0xC0] | GS:[0x100] | NT | Reserved for Wow64. Contains a pointer to FastSysCall in Wow64 |
| 4 | FS:[0xC4] | GS:[0x108] | NT | Current Locale |
| 4 | FS:[0xC8] | GS:[0x10C] | NT | FP Software Status Register |
| 216 | FS:[0xCC] | GS:[0x110] | NT, Wine | Reserved for OS (NT), kernel32 private data (Wine) herein: FS:[0x124] 4 NT Pointer to KTHREAD (ETHREAD) structure |
| 4 | FS:[0x1A4] | GS:[0x2C0] | NT | Exception code |
| 18 | FS:[0x1A8] | GS:[0x2C8] | NT | Activation context stack |
| 24 | FS:[0x1BC] | GS:[0x2E8] | NT, Wine | Spare bytes (NT), ntdll private data (Wine) |
| 40 | FS:[0x1D4] | GS:[0x300] | NT, Wine | Reserved for OS (NT), ntdll private data (Wine) |
| 1248 | FS:[0x1FC] | GS:[0x350] | NT, Wine | GDI TEB Batch (OS), vm86 private data (Wine) |
| 4 | FS:[0x6DC] | GS:[0x838] | NT | GDI Region |
| 4 | FS:[0x6E0] | GS:[0x840] | NT | GDI Pen |
| 4 | FS:[0x6E4] | GS:[0x848] | NT | GDI Brush |
| 4 | FS:[0x6E8] | GS:[0x850] | NT | Real Process ID |
| 4 | FS:[0x6EC] | GS:[0x858] | NT | Real Thread ID |
| 4 | FS:[0x6F0] | GS:[0x860] | NT | GDI cached process handle |
| 4 | FS:[0x6F4] | GS:[0x868] | NT | GDI client process ID (PID) |
| 4 | FS:[0x6F8] | GS:[0x86C] | NT | GDI client thread ID (TID) |
| 4 | FS:[0x6FC] | GS:[0x870] | NT | GDI thread locale information |
| 20 | FS:[0x700] | GS:[0x878] | NT | Reserved for user application |
| 1248 | FS:[0x714] | GS:[0x890] | NT | Reserved for GL (See wine ref for internals)[2] |
| 4 | FS:[0xBF4] | GS:[0x1250] | NT | Last Status Value |
| 532 | FS:[0xBF8] | GS:[0x1258] | NT | Static UNICODE_STRING buffer |
| pointer | FS:[0xE0C] | GS:[0x1478] | NT | Also known as DeallocationStack, it establishes the real start address of the stack buffer, hence the real stack limit: it is a few pages less than the stack limit field (which hides the guard pages used to detect stack overflows). |
| pointer[] | FS:[0xE10] | GS:[0x1480] | NT | TLS slots, 4/8 bytes per slot, 64 slots |
| 8 | FS:[0xF10] | GS:[0x1680] | NT | TLS links (LIST_ENTRY structure) |
| 4 | FS:[0xF18] | GS:[0x1690] | NT | VDM |
| 4 | FS:[0xF1C] | GS:[0x1698] | NT | Reserved for RPC |
| 4 | FS:[0xF28] | GS:[0x16B0] | NT | Thread error mode (RtlSetThreadErrorMode) |