Operator On The Wire
BLUE TEAM / MALWARE REVERSE / WINDOWS / WINDBG

Process Parameters

1. Get the address of ProcessParameters from the PEB

dt _PEB @$peb ProcessParameters

2. Dump the structure at that address

dt ntdll!_RTL_USER_PROCESS_PARAMETERS <Address>
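
The same two steps as a pointer walk over a constructed memory image, to show what the commands resolve (an added example, not part of the original page). The x64 field offsets (0x20, 0x38, 0x60, 0x70) are assumptions for 64-bit Windows, and `Memory`, `read_unicode_string`, `process_parameters` and `build_sample` are hypothetical names.

```python
import struct

# Assumed x64 offsets, as `dt ntdll!_PEB` / `dt ntdll!_RTL_USER_PROCESS_PARAMETERS` list them
PEB_PROCESS_PARAMETERS = 0x20
RUPP_FIELDS = {"CurrentDirectory.DosPath": 0x38, "ImagePathName": 0x60, "CommandLine": 0x70}


class Memory:
    """Sparse view of a 64-bit address space: {base_address: bytes}."""
    def __init__(self, regions):
        self.regions = regions

    def read(self, addr, size):
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        raise ValueError(f"unmapped read of {size} bytes at {addr:#x}")


def read_unicode_string(mem, addr):
    # UNICODE_STRING on x64: USHORT Length, USHORT MaximumLength, 4 pad bytes, PWSTR Buffer
    length, max_length, buffer = struct.unpack("<HH4xQ", mem.read(addr, 16))
    if length > max_length or length % 2:
        raise ValueError(f"malformed UNICODE_STRING at {addr:#x}")
    return mem.read(buffer, length).decode("utf-16-le")


def process_parameters(mem, peb):
    # Step 1: PEB.ProcessParameters is a pointer. Step 2: read fields at that address.
    (params,) = struct.unpack("<Q", mem.read(peb + PEB_PROCESS_PARAMETERS, 8))
    return {name: read_unicode_string(mem, params + off) for name, off in RUPP_FIELDS.items()}


def build_sample():
    # Constructed sample memory, not taken from a real process.
    peb, params, strings = 0x7FF000, 0x1A0000, 0x1B0000
    values = {0x38: "C:\\Users\\demo\\", 0x60: "C:\\Windows\\System32\\notepad.exe",
              0x70: "notepad.exe C:\\temp\\notes.txt"}
    rupp, blob = bytearray(0x90), bytearray()
    for off, text in values.items():
        raw = text.encode("utf-16-le")
        struct.pack_into("<HH4xQ", rupp, off, len(raw), len(raw) + 2, strings + len(blob))
        blob += raw + b"\x00\x00"
    peb_bytes = bytearray(0x28)
    struct.pack_into("<Q", peb_bytes, PEB_PROCESS_PARAMETERS, params)
    return Memory({peb: bytes(peb_bytes), params: bytes(rupp), strings: bytes(blob)}), peb


if __name__ == "__main__":
    mem, peb = build_sample()
    for name, value in process_parameters(mem, peb).items():
        print(f"{name:26} {value}")
```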