mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2026-06-15 15:29:23 +00:00
900263ea6f
n/a
In x64:
1. Get PEB from fs:[0x60] by asm file
2. Get Ldr by PEB
3. Get kernel32 module in the third module: ntdll->kernelbase->kernel32

In x86:
1. Get PEB from fs:[0x30] by inline asm
2. Get Ldr by PEB
3. Get kernel32 module in the second module: ntdll->kernel32

The offset in the PEB is different between x64 and x86.
This demo is only tested on Win7 x64.