Debugging Tools for Windows

GetPebAddress

The GetPebAddress function returns the address of the process environment block (PEB) for a system process.

VOID
GetPebAddress(
    ULONG64     CurrentThread,
    PULONGLONG  Address
    );

Parameters

CurrentThread
Specifies an operating system thread whose PEB's address will be returned.

In kernel-mode debugging, this is the location of the KTHREAD structure, which is returned by GetCurrentThreadAddr. If CurrentThread is NULL, the PEB for the current process is returned.

In user-mode debugging, CurrentThread is ignored.

Address
Receives the address of the PEB for the current operating system process or, in kernel-mode debugging, when CurrentThread is not NULL, for the system process that contains the thread that is specified by CurrentThread.

Return Value

None

Comments

In user-mode debugging, the PEB for the current thread is returned.

In kernel-mode debugging, if CurrentThread is NULL, the PEB for the operating system process in which the last event occurred is returned.
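A calling pattern for kernel-mode use, as an added example that is not part of the original documentation. Because GetPebAddress returns nothing and treats a NULL CurrentThread as "current process", the helper pre-zeroes the output and refuses a zero thread address. The helper name peb_for_processor is hypothetical, and the non-Windows branch contains constructed stand-ins with made-up addresses so the logic can be built without a debugger; on Windows the code is assumed to be compiled into a WdbgExts extension that defines ExtensionApis.

```c
#ifdef _WIN32
#define KDEXT_64BIT              /* select the 64-bit WdbgExts API */
#include <windows.h>
#include <wdbgexts.h>            /* real GetCurrentThreadAddr / GetPebAddress */
#else
/* Constructed stand-ins (made-up addresses) for building off Windows. */
#include <stdint.h>
typedef uint64_t ULONG64, *PULONG64, *PULONGLONG;
typedef uint32_t ULONG;
static ULONG64 fake_kthread = 0xFFFFA00012345080ULL; /* constructed KTHREAD */
static ULONG64 fake_peb     = 0x0000007FFE123000ULL; /* constructed PEB */
static void GetCurrentThreadAddr(ULONG processor, PULONG64 address)
{
    (void)processor;
    *address = fake_kthread;
}
static void GetPebAddress(ULONG64 thread, PULONGLONG address)
{
    (void)thread;
    *address = fake_peb;
}
#endif

/*
 * Hypothetical helper for kernel-mode debugging: find the PEB of the process
 * that owns the thread running on `processor`. Returns 1 and stores the
 * address in *peb, or 0 (with *peb == 0) when no address was obtained.
 */
int peb_for_processor(ULONG processor, ULONG64 *peb)
{
    ULONG64 thread = 0;

    *peb = 0;       /* no return value: pre-zero so an empty result is detectable */
    GetCurrentThreadAddr(processor, &thread);
    if (thread == 0)
        return 0;   /* a NULL CurrentThread would silently select the current process */
    GetPebAddress(thread, peb);
    return *peb != 0;
}
```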

Requirements

Headers: Defined in wdbgexts.h. If you are writing a WdbgExts extension, include wdbgexts.h. If you are writing a DbgEng extension that calls this function, include wdbgexts.h before dbgeng.h (see Writing DbgEng Extension Code for details).

See Also

GetCurrentThreadAddr, GetTebAddress
