2OO1, 2 March
NtCurrentTeb
NtCurrentTeb
NTSYSAPI
PTEB
NTAPI
NtCurrentTeb(
);
Function NtCurrentTeb returns address of TEB
(Thread Environment Block) for calling thread.
NtCurrentTeb isn't typical NT CALL realised
via INT 2E, becouse TEB
is accessable at address
fs:[0018h].
Microsoft declare NtCurrentTeb as __cdecl, but
ntdll.dll export it as __stdcall (it don't
have metter, becouse function don't have any parameters), so you
cannot use ntdll.dll export. In this case the better
way is write NtCurrentTeb manually, declaring it as
__cdecl.
- Documented by:
- Tomasz Nowak
Requirements:
- Library: ntdll.lib
See also:
- TEB