Hi, everyone.
We can use EPROCESS->PEB or PsGetProcessPeb to get the PEB64 of a 32-bit process.
But how do we get the PEB32 of a 32-bit process?
I found this:
Peb32 = (PPEB32)Process->Wow64Process->Wow64
But what is the definition of the Wow64Process structure?