Where is the address of the thread environment block (PEB)? ?

pzh_167 · Post time: 2020-1-6 07:50:01

Is the address of the thread environment block (PEB) the value of fs, where are fs: [18h], fs: [30h]?

lklklk · Post time: 2020-1-22 08:27:01

boxer2005 · Post time: 2020-1-25 17:09:01

What operating system?

pzh_167 · Post time: 2020-1-27 01:54:01

windows 2000
fs points to PEB
fs: [30h] points to TEB

fink_1 · Post time: 2020-2-5 21:15:01

The thread environment block should be a TEB and is generally stored in [FS: 0].
TEB is a structure, fs: [18h], fs: [30h] are of course members of the structure!
For details, please refer to "Encryption and Decryption" and "Software Encryption Technology" published by "www.pediy.com", which have detailed introductions.

mkmkmk2 · Post time: 2020-2-7 09:30:01

The thread environment block should be a TEB and is generally stored in [FS: 0].
TEB is a structure, fs: [18h] is a pointer to TEB,
fs: [30h] points to PEB (Process Environment Block)
For details, please refer to "Encryption and Decryption" and "Software Encryption Technology" published by "www.pediy.com", which have detailed introductions.

		Remember me	Forgot password?
Password			Register