In process.rs there is a comment starting on line 259 stating that Process.address() returns the address of the PEB.
Upon testing, I found that it actually is the address of the EPROCESS structure.
I would be happy to correct this as well as add more documentation, is there a desired format?
Are you observing this when enumerating kernel modules? If so, then if you would like to add a note next to it that in the Windows kernel this returns the EPROCESS structure, that would help, thanks.
Maybe something like:
/// On a Windows process module this will be the address where the [`PEB`](https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb) entry is stored.
/// On a Windows kernel module this will be the address of the [`_EPROCESS`](https://www.nirsoft.net/kernel_struct/vista/EPROCESS.html) structure.
The ideal place to add this documentation would be within the typing file, here.