As opposed in a concurrent thread (initial register values), the PEB can easily be retrieved with the following (VC) C++ code:
void *PEB = NULL;
__asm
{
mov eax,fs:[0x30]
mov PEB,eax
}
On windows 2000 it is constantly 0x7ffdf000
regards, PHaX