unknown Posted December 22, 2022 Share Posted December 22, 2022 I came into a problem where i need to grab BeingDebugged BYTE from PEB https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb I got the address of PEB from x64 system PEB* _PEB = (PEB*)(__readgsqword(0x60)); to get the address of BeingDebugged flag i need something like (PBYTE)_PEB + 0x002 but i am not sure what typecasting exactly i have to use , give me your lights. Link to comment
h4sh3m Posted December 23, 2022 Share Posted December 23, 2022 Hi Do you mean this ?! BYTE IsDebugging = _PEB.BeingDebugged; Link to comment
unknown Posted December 24, 2022 Author Share Posted December 24, 2022 14 hours ago, h4sh3m said: Hi Do you mean this ?! BYTE IsDebugging = _PEB.BeingDebugged; This works , however i was trying to do it other way. I think i found what i was looking for. IsDebug = (BYTE) * (PDWORD64)((PBYTE)_PEB + 0x2); Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now