Access to the Windows PEB structure. #23813

Open
numonce opened this issue Dec 18, 2024 · 1 comment
Labels
RDebug Windows Microsoft Windows platform support issues

numonce commented Dec 18, 2024

Description

Provide the ability to read the Process Environment Block in Windows to mimic the functionality of windbg.

Dynamically finding the address of the PEB

image

Overlaying the PEB structure on the aforementioned address.

image

Microsoft seems to have removed the PEB symbol from recent versions of ntdll.pdb. Attached is a version that contains the PEB symbol.

ntdllpdb.tar.gz
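The two steps described in the issue above (locating the PEB, then overlaying its structure on that address), as an added example that is not part of the issue or of radare2's code. It assumes a 64-bit target, where the TEB stores the PEB pointer at offset 0x60, and runs over a constructed memory capture; `Memory`, `read_peb` and `sample_memory` are hypothetical names.

```python
import ctypes
import struct

TEB64_PEB_OFFSET = 0x60  # x64 TEB.ProcessEnvironmentBlock (assumes a 64-bit target)

class PEB64Head(ctypes.LittleEndianStructure):
    """Leading fields of the x64 PEB; everything after ProcessHeap is omitted."""
    _fields_ = [
        ("InheritedAddressSpace", ctypes.c_uint8),
        ("ReadImageFileExecOptions", ctypes.c_uint8),
        ("BeingDebugged", ctypes.c_uint8),
        ("BitField", ctypes.c_uint8),
        ("Padding0", ctypes.c_uint32),          # UCHAR[4] in the real layout
        ("Mutant", ctypes.c_uint64),
        ("ImageBaseAddress", ctypes.c_uint64),
        ("Ldr", ctypes.c_uint64),               # pointer to PEB_LDR_DATA
        ("ProcessParameters", ctypes.c_uint64),
        ("SubSystemData", ctypes.c_uint64),
        ("ProcessHeap", ctypes.c_uint64),
    ]
PEB_HEAD_SIZE = ctypes.sizeof(PEB64Head)

class Memory:
    """Read-only view over captured regions given as {base_address: bytes}."""
    def __init__(self, regions):
        self.regions = regions
    def read(self, addr, size):
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        raise ValueError(f"unmapped read of {size} bytes at {addr:#x}")

def read_peb(mem, teb_addr):
    """Follow TEB -> PEB, then overlay the structure on the bytes found there."""
    (peb_addr,) = struct.unpack("<Q", mem.read(teb_addr + TEB64_PEB_OFFSET, 8))
    return peb_addr, PEB64Head.from_buffer_copy(mem.read(peb_addr, PEB_HEAD_SIZE))

def sample_memory():
    """Constructed capture: a TEB fragment and a PEB head (all values made up)."""
    teb_addr, peb_addr = 0xD4A1B2E000, 0xD4A1B2D000
    teb = bytearray(0x100)
    struct.pack_into("<Q", teb, TEB64_PEB_OFFSET, peb_addr)
    peb = struct.pack("<4B4x6Q", 0, 0, 1, 0x04, 0xFFFFFFFFFFFFFFFF,
                      0x7FF6C0DE0000, 0x7FFB5A1D53C0, 0x1E0F1A20000,
                      0, 0x1E0F1A10000)
    return Memory({teb_addr: bytes(teb), peb_addr: peb}), teb_addr

if __name__ == "__main__":
    addr, peb = read_peb(*sample_memory())
    print(hex(addr), peb.BeingDebugged, hex(peb.ImageBaseAddress), hex(peb.Ldr))
```

A TEB whose PEB pointer lands outside the captured regions raises `ValueError` instead of returning a structure built from unrelated bytes.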

@trufae trufae added this to the 6.0.0 milestone Dec 21, 2024
@trufae trufae added Windows Microsoft Windows platform support issues RDebug labels Dec 21, 2024

trufae commented Dec 21, 2024

The :tls command should be implemented in the w32dbg plugin or maybe add a new callback in the rdebug plugin structure to get the thread local storage address for the given thread id.
