FYI if you’re willing to link with ntdll or dynamically resolve it there’s a ton of APIs that return TEB/PEB or leave them in one of the registers. (Don’t believe official return values. MSDN is a liar!)
See Tweet
FYI if you’re willing to link with ntdll or dynamically resolve it there’s a ton of APIs that return TEB/PEB or leave them in one of the registers. (Don’t believe official return values. MSDN is a liar!)
See Tweet