How to get the Process Environment Block (PEB) from extern process?

Accepted answer
Score: 12

Matt Pietrek described how to do that in a 1994 Under the Hood column. It was about how to get the environment variables of another process, where the first step is to get a pointer to the PEB. To do that, he says, call NtQueryInformationProcess. The PROCESS_BASIC_INFORMATION structure it fills contains the base address of the PEB structure. (You'll need to use ReadProcessMemory to read it since the address will be in the context of the external process's address space, not yours.)

To call NtQueryInformationProcess, you'll need a handle to the process. If you started the process yourself (by calling CreateProcess), then you already have a handle. Otherwise, you'll need to find the process ID and then call OpenProcess. To get the process ID, search for the process you want with EnumProcesses or Process32First/Process32Next. (I prefer the latter because it provides more information with less work.)
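The sequence described in the answer above (OpenProcess, NtQueryInformationProcess, ReadProcessMemory), as an added example that is not part of the original answer, written with Python's ctypes as an inspection or triage script might do it. The names `PEB_HEAD`, `peb_head_from_bytes` and `read_remote_peb` are chosen for this example; it assumes the calling process and the target have the same bitness and uses the field names from winternl.h.

```python
import ctypes

PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010
ProcessBasicInformation = 0  # PROCESSINFOCLASS value

class PROCESS_BASIC_INFORMATION(ctypes.Structure):
    _fields_ = [("ExitStatus", ctypes.c_int32),  # NTSTATUS
                ("PebBaseAddress", ctypes.c_void_p),
                ("AffinityMask", ctypes.c_size_t),
                ("BasePriority", ctypes.c_int32),  # KPRIORITY
                ("UniqueProcessId", ctypes.c_size_t),
                ("InheritedFromUniqueProcessId", ctypes.c_size_t)]

class PEB_HEAD(ctypes.Structure):  # leading PEB fields as declared in winternl.h
    _fields_ = [("Reserved1", ctypes.c_ubyte * 2),
                ("BeingDebugged", ctypes.c_ubyte),
                ("Reserved2", ctypes.c_ubyte * 1),
                ("Reserved3", ctypes.c_void_p * 2),
                ("Ldr", ctypes.c_void_p),
                ("ProcessParameters", ctypes.c_void_p)]

def peb_head_from_bytes(raw):
    """Decode PEB bytes already copied out of a process (or taken from a dump)."""
    return PEB_HEAD.from_buffer_copy(raw[:ctypes.sizeof(PEB_HEAD)])

def read_remote_peb(pid):
    """Windows only. Returns (PEB address in the target, decoded PEB_HEAD)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")
    k32.OpenProcess.restype = ctypes.c_void_p  # HANDLE is pointer-sized
    h = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not h:
        raise ctypes.WinError(ctypes.get_last_error())
    handle = ctypes.c_void_p(h)
    try:
        pbi = PROCESS_BASIC_INFORMATION()
        status = ntdll.NtQueryInformationProcess(handle, ProcessBasicInformation,
                                                 ctypes.byref(pbi), ctypes.sizeof(pbi), None)
        if status != 0:  # anything other than STATUS_SUCCESS
            raise OSError("NtQueryInformationProcess: 0x%08X" % (status & 0xFFFFFFFF))
        # PebBaseAddress is only meaningful inside the target, so copy the bytes out.
        buf, got = ctypes.create_string_buffer(ctypes.sizeof(PEB_HEAD)), ctypes.c_size_t()
        if not k32.ReadProcessMemory(handle, ctypes.c_void_p(pbi.PebBaseAddress), buf,
                                     ctypes.c_size_t(len(buf)), ctypes.byref(got)):
            raise ctypes.WinError(ctypes.get_last_error())
        return pbi.PebBaseAddress, peb_head_from_bytes(buf.raw)
    finally:
        k32.CloseHandle(handle)
```

On Windows, `read_remote_peb(pid)` returns the PEB address together with the decoded header; the `ProcessParameters` pointer it contains is again an address in the target process and needs its own ReadProcessMemory call.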
