Process PEB Finder is a console-based tool to find and display the PEB address of running processes on your system.
PEB (Process Environment Block) is the part of process memory that stores important information, including loaded modules, startup parameters, environment variables, debug information, etc.
Process PEB Finder helps you quickly get the address of the PEB for any process. By default it displays the PEB address of all running processes. However, you can get the PEB address of a specific process by entering either its ID or name.
This tool will be more useful for debuggers and researchers. Being a command-line tool makes it easy to automate.
It is available in both 32-bit & 64-bit versions and works on all platforms from Windows XP to Windows 8.
How to use?
Process PEB Finder is a very easy to use tool. It is a command-line/console-based tool, hence you have to launch it from the command prompt (cmd.exe).
//Find & Display PEB Address of all running Processes
ProcessPEBFinder.exe
//Find the PEB Address of Process with pid 1151
ProcessPEBFinder.exe -p 1151
//Find the PEB Address of Process with name 'chrome'
ProcessPEBFinder.exe -n chrome
//Show this help screen
ProcessPEBFinder.exe -h
Note that it includes both 32-bit (ProcessPEBFinder32.exe) and 64-bit (ProcessPEBFinder64.exe) versions. On 64-bit operating systems, you have to use the 64-bit version.
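For readers who want to see where such an address comes from, here is an added example (not the tool's own code, and the page does not say how the tool works internally). It assumes the documented NtQueryInformationProcess call with the ProcessBasicInformation class, whose result structure carries PebBaseAddress; the function name peb_address is hypothetical. Run it with a Python interpreter that matches the bitness of the operating system.

```python
import ctypes
import os
import sys

PROCESS_QUERY_INFORMATION = 0x0400  # access right requested from OpenProcess
PROCESS_BASIC_INFORMATION_CLASS = 0  # ProcessBasicInformation

# Result layout for NtQueryInformationProcess(ProcessBasicInformation).
class PROCESS_BASIC_INFORMATION(ctypes.Structure):
    _fields_ = [
        ("ExitStatus", ctypes.c_int32),        # NTSTATUS
        ("PebBaseAddress", ctypes.c_void_p),   # address of the target's PEB
        ("AffinityMask", ctypes.c_size_t),
        ("BasePriority", ctypes.c_int32),
        ("UniqueProcessId", ctypes.c_size_t),
        ("InheritedFromUniqueProcessId", ctypes.c_size_t),
    ]

def peb_address(pid):
    """Return the PEB base address of process `pid` (Windows only)."""
    if sys.platform != "win32":
        raise OSError("PEB lookup requires Windows")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")
    kernel32.OpenProcess.restype = ctypes.c_void_p
    kernel32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]
    ntdll.NtQueryInformationProcess.restype = ctypes.c_int32
    ntdll.NtQueryInformationProcess.argtypes = [
        ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p,
        ctypes.c_uint32, ctypes.POINTER(ctypes.c_uint32)]
    handle = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        pbi = PROCESS_BASIC_INFORMATION()
        # ReturnLength is optional, so NULL (None) is passed for it.
        status = ntdll.NtQueryInformationProcess(
            handle, PROCESS_BASIC_INFORMATION_CLASS,
            ctypes.byref(pbi), ctypes.sizeof(pbi), None)
        if status != 0:  # any non-zero NTSTATUS is treated as failure here
            raise OSError("NtQueryInformationProcess failed: 0x%08X" % (status & 0xFFFFFFFF))
        return pbi.PebBaseAddress or 0
    finally:
        kernel32.CloseHandle(handle)

if __name__ == "__main__":
    print("PID %d PEB at 0x%X" % (os.getpid(), peb_address(os.getpid())))
```

Opening another user's or a protected process can fail with an access-denied error unless the caller has sufficient privileges.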
Release History
Version 1.5: 1st July 2013
Detects and alerts the user if the 32-bit version is run on a 64-bit system