mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 04:45:27 +00:00
15 lines
343 B
Plaintext
In x64:
1. Get the PEB from fs:[0x60] using an asm file.
2. Get Ldr from the PEB.
3. Get the kernel32 module, which is the third module:
   ntdll -> kernelbase -> kernel32

In x86:
1. Get the PEB from fs:[0x30] using inline asm.
2. Get Ldr from the PEB.
3. Get the kernel32 module, which is the second module:
   ntdll -> kernel32

The offsets within the PEB differ between x64 and x86.
This demo was only tested on Win7 x64.
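Steps 1 and 2 above leave recognisable instruction bytes, so a buffer can be triaged for them. The scanner below is an added example, not code from this repository. It assumes the usual Windows convention that 64-bit code reaches the PEB through gs:[0x60] and 32-bit code through fs:[0x30], and that PEB.Ldr sits at +0x18 (x64) and +0x0C (x86). The sample bytes are constructed.

```python
import re

# Added example: byte signatures for steps 1 and 2 of the walk described above.
# Step 1 = segment-relative PEB read; step 2 = load of PEB.Ldr shortly after.
# Only absolute-displacement encodings of step 1 are covered.
_REG_ABS = rb"[\x05\x0d\x15\x1d\x25\x2d\x35\x3d]"  # ModRM: any reg, disp32
_REG_SIB = rb"[\x04\x0c\x14\x1c\x24\x2c\x34\x3c]"  # ModRM: any reg, SIB follows

SIGNATURES = {
    # arch: (PEB read, PEB.Ldr load expected within the following window)
    "x64": (re.compile(rb"\x65[\x48\x4c]\x8b" + _REG_SIB + rb"\x25\x60\x00\x00\x00"),
            re.compile(rb"[\x48\x49\x4c\x4d]\x8b[\x40-\x7f]\x18")),
    "x86": (re.compile(rb"\x64(?:\xa1|\x8b" + _REG_ABS + rb")\x30\x00\x00\x00"),
            re.compile(rb"\x8b[\x40-\x7f]\x0c")),
}


def find_peb_walk(buf, window=32):
    """Return sorted (offset, arch, ldr_follows) tuples for every PEB read in buf."""
    hits = []
    for arch, (peb_read, ldr_load) in SIGNATURES.items():
        for m in peb_read.finditer(buf):
            # Look for the Ldr dereference in the bytes right after the PEB read.
            tail = buf[m.end():m.end() + window]
            hits.append((m.start(), arch, ldr_load.search(tail) is not None))
    return sorted(hits)


# Constructed samples (hand-assembled, not taken from any real binary).
SAMPLE_X64 = bytes.fromhex("90 65488b042560000000 488b4018 c3")
SAMPLE_X86 = bytes.fromhex("64a130000000 8b400c c3")
SAMPLE_FLAG_READ = bytes.fromhex("64a130000000 0fb64002 c3")  # reads PEB+2 only

if __name__ == "__main__":
    for name, blob in [("x64", SAMPLE_X64), ("x86", SAMPLE_X86),
                       ("flag read", SAMPLE_FLAG_READ)]:
        print(name, find_peb_walk(blob))
```

Legitimate runtime code also reads the PEB, so a hit with ldr_follows set is a triage signal for closer review rather than a verdict.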