Official way to get the Thread Information/Environment Block (TIB/TEB)

The macro NtCurrentTeb() is available in winnt.h for all supported architectures, including ARM (Windows RT):

#if defined(_M_ARM) && !defined(__midl) && !defined(_M_CEE_PURE)__forceinlinestruct _TEB *NtCurrentTeb (    VOID    ){    return (struct _TEB *)(ULONG_PTR)_MoveFromCoprocessor(CP15_TPIDRURW);}

windows winapi windows-runtime

To answer your posted question, you can use NtQueryInformationThread() to retrieve a THREAD_BASIC_INFORMATION structure, which contains a pointer to the thread's TIB in its TebBaseAddress member.

windows winapi windows-runtime

Igor nailed it. But FYI, in ARM assembly it goes like this:

mrc p15, 0, r12, c13, c0, 2 ; r12 now points at TEB/TIBldr r12, [r12, #4] ; r12 now holds stack base

CodeHunter

Official way to get the Thread Information/Environment Block (TIB/TEB)

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last