PEB Undocumented functions of NTDLL

typedef struct _PEB {

BOOLEAN InheritedAddressSpace;

BOOLEAN ReadImageFileExecOptions;

BOOLEAN BeingDebugged;

BOOLEAN Spare;

HANDLE Mutant;

PVOID ImageBaseAddress;

PPEB_LDR_DATA LoaderData;

PRTL_USER_PROCESS_PARAMETERS ProcessParameters; PVOID SubSystemData;

PVOID ProcessHeap;

PVOID FastPebLock;

PPEBLOCKROUTINE FastPebLockRoutine;

PPEBLOCKROUTINE FastPebUnlockRoutine;

ULONG EnvironmentUpdateCount;

PPVOID KernelCallbackTable;

PVOID EventLogSection;

PVOID EventLog;

PPEB_FREE_BLOCK FreeList;

ULONG TlsExpansionCounter;

PVOID TlsBitmap;

ULONG TlsBitmapBits[0x2];

PVOID ReadOnlySharedMemoryBase;

PVOID ReadOnlySharedMemoryHeap;

PPVOID ReadOnlyStaticServerData;

PVOID AnsiCodePageData;

PVOID OemCodePageData;

PVOID UnicodeCaseTableData;

ULONG NumberOfProcessors;

ULONG NtGlobalFlag;

BYTE Spare2[0x4];

LARGE_INTEGER CriticalSectionTimeout;

ULONG HeapSegmentReserve;

ULONG HeapSegmentCommit;

ULONG HeapDeCommitTotalFreeThreshold;

ULONG HeapDeCommitFreeBlockThreshold;

ULONG NumberOfHeaps;

ULONG MaximumNumberOfHeaps;

PPVOID *ProcessHeaps;

PVOID GdiSharedHandleTable;

PVOID ProcessStarterHelper;

PVOID GdiDCAttributeList;

PVOID LoaderLock;

ULONG OSMajorVersion;

ULONG OSMinorVersion;

ULONG OSBuildNumber;

ULONG OSPlatformId;

ULONG ImageSubSystem;

ULONG ImageSubSystemMajorVersion;

ULONG ImageSubSystemMinorVersion;

ULONG GdiHandleBuffer[0x22];

ULONG PostProcessInitRoutine;

ULONG TlsExpansionBitmap;

BYTE TlsExpansionBitmapBits[0x80];

ULONG SessionId;

} PEB, *PPEB;

Structure PEB (Process Enviroment Block) contains all User-Mode parameters

associated by system with current process.

InheritedAddressSpace

ReadImageFileExecOptions

BeingDebugged

Spare

Mutant

ImageBaseAddress Address of executable image in process' memory.

LoaderData Pointer to PEB_LDR_DATA structure contains information filled by Loader.

ProcessParameters Pointer to RTL_USER_PROCESS_PARAMETERS structure.

SubSystemData

ProcessHeap Address of process' first heap allocated by Loader.

FastPebLock Parameter for PEBLOCKROUTINE (see below).

FastPebLockRoutine Address of fast-locking routine for PEB. Definition of routine is:

typedef void (*PPEBLOCKROUTINE)(

PVOID PebLock

);

FastPebUnlockRoutine PEB fast-unlock routine.

EnvironmentUpdateCount Counter of process environment updates.

KernelCallbackTable

EventLogSection

EventLog

FreeList

TlsExpansionCounter

TlsBitmap

TlsBitmapBits[0x2]

ReadOnlySharedMemoryBase

ReadOnlySharedMemoryHeap

ReadOnlyStaticServerData

AnsiCodePageData

OemCodePageData

UnicodeCaseTableData

NumberOfProcessors

NtGlobalFlag

Spare2[0x4]

CriticalSectionTimeout

HeapSegmentReserve

HeapSegmentCommit

HeapDeCommitTotalFreeThreshold

HeapDeCommitFreeBlockThreshold

NumberOfHeaps

MaximumNumberOfHeaps

*ProcessHeaps

GdiSharedHandleTable

ProcessStarterHelper

GdiDCAttributeList

LoaderLock

OSMajorVersion

OSMinorVersion

OSBuildNumber

OSPlatformId

ImageSubSystem

ImageSubSystemMajorVersion

ImageSubSystemMinorVersion

GdiHandleBuffer[0x22]

PostProcessInitRoutine

TlsExpansionBitmap

TlsExpansionBitmapBits[0x80]

SessionId

Documented by:

Reactos

Tomasz Nowak

Requirements: Library: ntdll.lib