Hey All, At 08:57 PM 7/02/2003 +0100, dullien@gmx.de wrote:
Incase anyone is wondering about these Russian papers on the reverse engineered contents of the PEB and TIB there have been a number of posts to the newsgroups with the structures in question. You don't have to understand Russian given that the field names make most of them pretty obvious, check out:Concerning information on TIB and PEB: If you're too lazy to learn russian/polish, you might consider taking (a) the wine header files (which attempt to document parts of these structures) and (b) a debugger and go spellunking yourself. Oh, and MS does provide some limited information: http://msdn.microsoft.com/msdnmag/issues/02/08/EscapefromDLLHell/default.aspx
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=_NT_TEB&btnG=Google+Search
Cheers,
Shaun
