GetPebAddress - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
// wdbgexts.h

VOID GetPebAddress(
  ULONG64    CurrentThread,
  PULONGLONG Address
);

NtDoc

No description available.

Windows Driver Kit DDI reference (nf-wdbgexts-getpebaddress)

GetPebAddress function

Description

The GetPebAddress function returns the address of the process environment block (PEB) for a system process.

Parameters

CurrentThread

Specifies an operating system thread. The address returned is that of the PEB of the process that contains this thread.

In kernel-mode debugging, this is the location of the KTHREAD structure, which is returned by GetCurrentThreadAddr. If CurrentThread is NULL, the PEB for the current process is returned.

In user-mode debugging, CurrentThread is ignored.

Address

Receives the address of the PEB for the current operating system process or, in kernel-mode debugging, when CurrentThread is not NULL, for the system process that contains the thread that is specified by CurrentThread.

Remarks

In user-mode debugging, the PEB for the current thread is returned.

In kernel-mode debugging, if CurrentThread is NULL, the PEB for the operating system process in which the last event occurred is returned.

See also

GetCurrentThreadAddr

GetTebAddress