Process PEB Finder : Command-line Tool to find and display PEB Address of Process
Process PEB Finder
See Also
Process PEB Finder is the console based tool to find and display PEB Address of running Processes on your system.

PEB (Process Environment Block) is the part of Process memory where is stores important information including loaded modules, startup paramenters, environment variables, debug information etc.

Process PEB Finder helps you to quickly get the address of PEB for any Process. By default it displays PEB address of all running Processes. However you can get the PEB address of specific process by entering either its ID or name.

This tool will be more useful for debuggers and researchers. Being a command-line tool makes it easy for automation.

It is available in both 32-bit & 64-bit versions and works on all platforms starting from Windows XP to Windows 8.

How to use?
Process PEB Finder is very easy to use tool. It is command-line/console based tool, hence you have to launch it from the command prompt (cmd.exe).

Here is the simple usage information
[For 32-bit Systems]
ProcessPEBFinder32.exe [-p <pid> | -n <process_name>]
[For 64-bit Systems]
ProcessPEBFinder64.exe [-p <pid> | -n <process_name>]
Examples of Process PEB Finder
//Find & Display PEB Address of all running Processes
//Find the PEB Address of Process with pid 1151
ProcessPEBFinder.exe -p 1151
//Find the PEB Address of Process with name 'chrome'
ProcessPEBFinder.exe -n chrome
//Show this help screen
ProcessPEBFinder.exe -h
Note that it includes both 32-bit (ProcessPEBFinder32.exe) and 64-bit version (ProcessPEBFinder64.exe). On 64-bit operating systems, you have to use the 64-bit version.
ProcessPEBFinder in Action
Release History
Version 1.5:  1st July 2013
Detects and alerts user if 32-bit version run on 64-bit system
Version 1.0:  6th May 2013
First public release of Process PEB Finder.
FREE Download Process PEB Finder v1.5

License  : Freeware
Platform : Windows XP, Vista, Windows 7, Windows 8

See Also