News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

TIB and PEB

Started by xanatose, October 24, 2015, 02:13:23 PM

Previous topic - Next topic

xanatose

I found some reference on the Thread Information Block (TIB) and the Process Environment Block (PEB)
under win32. By using the FS register.

https://en.wikipedia.org/wiki/Win32_Thread_Information_Block

However I would like to get the same information for Win64. Does anyone knows where to get the information?

TWell

Tell me more about TEB/TIB like here

TWell

#2
Win64 PEB?printf("PEB: %X\n", __readgsqword(0x60));mov RAX, GS:[0x60]Is this correct?

Vortex

http://stackoverflow.com/questions/10802532/fastest-way-to-get-the-tid-thread-information-block-in-a-64-bit-windows-applic

dedndave

from what i can see, it's the same as 32-bit, except that the GS register is used, rather than FS
i don't have 64-bit windows to test that   :P

adeyblue

RtlGetCurrentPeb() in ntdll.dll returns the address of the PEB in eax/rax