updates and moves

n/a
2026-06-16 15:59:24 +00:00 · 2022-04-11 20:00:13 -05:00
parent 1275ea2e03
commit 900263ea6f
809 changed files with 149115 additions and 1594 deletions
@@ -0,0 +1,14 @@
+in x64
+1.get peb from fs:[0x60] by asm file
+2.get Ldr by peb
+3.get kernel32 module in the third module 
+ntdll->kernelbase->kernel32
+
+in x86
+1.get peb from fs:[0x30] by inline asm
+2.get Ldr by peb
+3.get kernel32 module in the second module
+ntdll->kernel32
+
+the offset in the PEB is different from x64 and x86
+This demo is only Test on Win7 x64