Debugging Tools for Windows

GetCurrentProcessAddr

The GetCurrentProcessAddr function returns the location of the system data that describes the current process.

VOID
 GetCurrentProcessAddr(
    DWORD  Processor,
    ULONG64  CurrentThread,
    PULONG64  Address
    );

Parameters

Processor
Specifies the index of the processor or virtual thread that was running the current thread when the last event occurred. Processor is used only in kernel-mode debugging, and only if CurrentThread is NULL.
CurrentThread
Specifies the location of the system data for the current thread. This is the location returned by GetCurrentThreadAddr.

In kernel-mode debugging, CurrentThread can be NULL, in which case Processor is used instead.

Address
Receives the location of the system data that describes the current process.

Return Value

None

Comments

In user-mode debugging, GetCurrentProcessAddr returns the location of the process's Process Environment Block (PEB). This is the same location that GetPebAddress returns.

In kernel-mode debugging, GetCurrentProcessAddr returns the location of the KPROCESS structure of the current process.

For details on the KPROCESS and PEB structures, see Microsoft Windows Internals by David Solomon and Mark Russinovich.
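The following is an added example, not code from the original documentation. It shows the call sequence described above: a hypothetical helper, CurrentProcessAddr, and a hypothetical kernel-mode extension command, curproc. The non-Windows branch contains constructed stand-ins for the two WdbgExts calls, with made-up addresses, so the parameter rules can be exercised without a debugger.

```c
#ifdef _WIN32
#include <windows.h>
#define KDEXT_64BIT               /* use the 64-bit WdbgExts prototypes */
#include <wdbgexts.h>
#else
/* Constructed stand-ins (assumption: NOT the real API) so the call sequence
 * can be exercised without a debugger. They model only the parameter rules
 * stated on this page; the addresses are made up. */
#include <stdint.h>
typedef uint32_t DWORD;
typedef uint64_t ULONG64, *PULONG64;
#define FAKE_THREAD_BASE  0x1000ull
#define FAKE_PROCESS_BASE 0x2000ull
static void GetCurrentThreadAddr(DWORD Processor, PULONG64 Address)
{
    *Address = FAKE_THREAD_BASE + Processor;
}
static void GetCurrentProcessAddr(DWORD Processor, ULONG64 CurrentThread,
                                  PULONG64 Address)
{
    /* Processor is consulted only when CurrentThread is NULL. */
    DWORD cpu = CurrentThread ? (DWORD)(CurrentThread - FAKE_THREAD_BASE)
                              : Processor;
    *Address = FAKE_PROCESS_BASE + cpu;
}
#endif

/* Hypothetical helper. UseThread != 0: fetch the thread location first and
 * pass it on (the only form valid in user mode, where the result is the PEB).
 * UseThread == 0: kernel mode only, NULL thread, Processor selects context. */
static ULONG64 CurrentProcessAddr(int UseThread, DWORD Processor)
{
    ULONG64 Thread = 0, Process = 0;
    if (UseThread)
        GetCurrentThreadAddr(Processor, &Thread);
    GetCurrentProcessAddr(Processor, Thread, &Process);
    return Process;
}

#ifdef _WIN32
/* !curproc (hypothetical command name): kernel-mode command. Assumes the
 * DLL defines ExtensionApis and the standard WdbgExts init exports elsewhere.
 * dwProcessor is supplied by the DECLARE_API prototype. */
DECLARE_API(curproc)
{
    dprintf("KPROCESS at %p\n", CurrentProcessAddr(0, dwProcessor));
}
#endif
```

Because the function returns VOID, the helper has no status to report, so callers should treat the returned address as untrusted until a read at that location succeeds.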

Requirements

Headers: Defined in wdbgexts.h. If you are writing a WdbgExts extension, include wdbgexts.h. If you are writing a DbgEng extension that calls this function, include wdbgexts.h before dbgeng.h (see Writing DbgEng Extension Code for details).

See Also

GetCurrentThreadAddr, GetPebAddress
