Debugging Tools for Windows

GetCurrentProcessDataOffset

The GetCurrentProcessDataOffset method returns the location of the system data structure describing the current process.

HRESULT
  IDebugSystemObjects::GetCurrentProcessDataOffset(
    OUT PULONG64  Offset
    );

Parameters

Offset
Receives the location in the target's virtual address space of the system data structure describing the current process.

Return Value

S_OK
The method was successful.

This method may also return error values. See Return Values for more details.

Interface Version

GetCurrentProcessDataOffset is available in all versions of IDebugSystemObjects.

Comments

In user-mode debugging, the location returned is of the process environment block (PEB) for the current process. This is the same location returned by GetCurrentProcessPeb.

In kernel-mode debugging, the location returned is of the KPROCESS structure for the system process in which the last event occurred.

Note  In kernel mode, the current process of the target is always the single virtual process the debugger engine created for the kernel. However, because events may occur in different system processes, the KPROCESS location returned by this method may change.

For more information about processes, see Threads and Processes. For details about the PEB and KPROCESS structures, see Microsoft Windows Internals by David Solomon and Mark Russinovich.

Requirements

Headers: Defined in Dbgeng.h. Include Dbgeng.h.

Build machine: CAPEBUILD