Have a need to pull the data out of the PEB structure.
I’m assuming the BeingDebugged byte is set using one of the Debug api’s?
Thing is, if I set the project to Release and then attach the Debugger to the process using Cladb | C60dbx -p , and even though the stack trace shows
CREATE_THREAD_DEBUG_EVENT: tid=00000264
thread handle=00000110
EXIT_THREAD_DEBUG_EVENT: tid=00000264
this BeingDebugged byte is still set.
Is it reliable to use, or does any of you know of other ways to trigger this byte being set?