introvirt::windows::nt::PEB Class Reference

#include <PEB.hh>

Public Member Functions
virtual guest_ptr< void >	ImageBaseAddress () const =0
virtual const PEB_LDR_DATA *	Ldr () const =0
virtual PEB_LDR_DATA *	Ldr ()=0
virtual const RTL_USER_PROCESS_PARAMETERS *	ProcessParameters () const =0
virtual RTL_USER_PROCESS_PARAMETERS *	ProcessParameters ()=0
virtual uint32_t	OSMajorVersion () const =0
virtual uint32_t	OSMinorVersion () const =0
virtual uint16_t	OSBuildNumber () const =0
virtual uint16_t	OSCSDVersion () const =0
virtual uint32_t	OSPlatformId () const =0
virtual uint16_t	ServicePackNumber () const =0
virtual uint16_t	MinorServicePackNumber () const =0
virtual uint32_t	NumberOfProcessors () const =0
virtual guest_ptr< void >	ptr () const =0
virtual bool	BeingDebugged () const =0
virtual void	BeingDebugged (bool BeingDebugged)=0
virtual	~PEB ()=default

Detailed Description

Parser for the Windows Process Environment Block (PEB)

Examples

ivprocinfo.cc.

Constructor & Destructor Documentation

~PEB()

virtual introvirt::windows::nt::PEB::~PEB ( )

virtualdefault

Member Function Documentation

BeingDebugged() [1/2]

virtual bool introvirt::windows::nt::PEB::BeingDebugged ( ) const

pure virtual

Returns

The value of the BeingDebugged field

BeingDebugged() [2/2]

virtual void introvirt::windows::nt::PEB::BeingDebugged ( bool  BeingDebugged )

pure virtual

Set the BeingDebugged field

Parameters

BeingDebugged

The value to set

ImageBaseAddress()

virtual guest_ptr< void > introvirt::windows::nt::PEB::ImageBaseAddress ( ) const

pure virtual

Returns

The base address of the executable image

Examples

ivprocinfo.cc.

Ldr() [1/2]

virtual const PEB_LDR_DATA * introvirt::windows::nt::PEB::Ldr ( ) const

pure virtual

Returns

The PEB_LDR_DATA, containing information about loaded libraries and the exe itself

Examples

ivprocinfo.cc.

Ldr() [2/2]

virtual PEB_LDR_DATA * introvirt::windows::nt::PEB::Ldr ( )

pure virtual

MinorServicePackNumber()

virtual uint16_t introvirt::windows::nt::PEB::MinorServicePackNumber ( ) const

pure virtual

Returns

The minor service pack number of the OS

NumberOfProcessors()

virtual uint32_t introvirt::windows::nt::PEB::NumberOfProcessors ( ) const

pure virtual

Returns

The number of physical processors

OSBuildNumber()

virtual uint16_t introvirt::windows::nt::PEB::OSBuildNumber ( ) const

pure virtual

Returns

The build number of the OS

OSCSDVersion()

virtual uint16_t introvirt::windows::nt::PEB::OSCSDVersion ( ) const

pure virtual

Returns

The CSD version of the OS, containing service pack information

OSMajorVersion()

virtual uint32_t introvirt::windows::nt::PEB::OSMajorVersion ( ) const

pure virtual

Returns

The major version of the OS

OSMinorVersion()

virtual uint32_t introvirt::windows::nt::PEB::OSMinorVersion ( ) const

pure virtual

Returns

The minor version of the OS

OSPlatformId()

virtual uint32_t introvirt::windows::nt::PEB::OSPlatformId ( ) const

pure virtual

Returns

The platform ID of the OS

ProcessParameters() [1/2]

virtual const RTL_USER_PROCESS_PARAMETERS * introvirt::windows::nt::PEB::ProcessParameters ( ) const

pure virtual

Returns

Information about the process environment

Examples

ivprocinfo.cc.

ProcessParameters() [2/2]

virtual RTL_USER_PROCESS_PARAMETERS * introvirt::windows::nt::PEB::ProcessParameters ( )

pure virtual

ptr()

virtual guest_ptr< void > introvirt::windows::nt::PEB::ptr ( ) const

pure virtual

Returns

The virtual address of the PEB in-guest

ServicePackNumber()

virtual uint16_t introvirt::windows::nt::PEB::ServicePackNumber ( ) const

pure virtual

Returns

The service pack number of the OS

---

The documentation for this class was generated from the following file:

• /home/runner/work/IntroVirt/IntroVirt/include/introvirt/windows/kernel/nt/types/PEB.hh