1.写⼀段汇编代码，获取进程 ID 2.写⼀段汇编代码，获取线程 ID 3.写⼀段汇编代码，获取 PEB 地址 #include #include #include using namespace std; int main() { int pid, tid, ebpAddr; __asm { mov eax, fs : [0x20] mov ebx, fs : [0x24] mov ecx, fs : [0x30] mov pid, eax mov tid, ebx mov ebpAddr, ecx } cout << "pic is " << pid << endl; cout << "tid is " << tid << endl; cout << "ebp address is " << ebpAddr << endl; _PEB* ptr = reinterpret_cast(ebpAddr); cout << "debugged is " <BeingDebugged << endl; system("pause"); }