

peb builder is a small application to build the Process Envirnoment Block
for scdbg.

This complex task has been extracted from the main code base so that it
could be thoroghly tested and examined directly in memory.

Several common peb parsers taken from shellcode samples have also been
extracted and are run against the peb generated by this application.

The main code now uses a static PEB buffer as generated by this application.
If you add dlls to the main code, just generate a new PEB and update the buffer
in the main code. 

You can test out PEB modifications without recompiling the main code base
by using patch file capability (as generated by patchgen.exe)

This application can be run in two modes. With no arguments it will go into
test mode and output some debug results.

If you specify the virtual address for the peb, it will use that to
generate all of the list/data offsets and spit out the results to a file in 
the current directory named peb.bin

this was the only sane way I could think of to develop and really 
test this complex code.


See the following article for more details on these structures:

http://sandsprite.com/CodeStuff/Understanding_the_Peb_Loader_Data_List.html
