2OO1, 2 March
NtCurrentTeb
NtCurrentTeb
NTSYSAPI
PTEB
NTAPI
NtCurrentTeb(
);
Function NtCurrentTeb returns address of TEB (Thread Environment Block) for calling thread.
NtCurrentTeb isn't typical NT CALL realised via INT 2E, becouse TEB is accessable at address fs:[0018h].
Microsoft declare NtCurrentTeb as __cdecl, but ntdll.dll export it as __stdcall (it don't have metter, becouse function don't have any parameters), so you cannot use ntdll.dll export. In this case the better way is write NtCurrentTeb manually, declaring it as __cdecl.
Documented by:
Tomasz Nowak
Requirements:
Library: ntdll.lib
See also:
TEB