67 lines
1.7 KiB
C
67 lines
1.7 KiB
C
//main.c
|
|
#include <stdint.h>
|
|
#include "stdfuncs.h"
|
|
#include "peb.h"
|
|
|
|
/************************************************
|
|
* returns data taken from the win process *
|
|
* environment block reqEntry specifies which *
|
|
* information you want to get returned. *
|
|
* reqEntry = 1 returns base addr of own proc *
|
|
* reqEntry = 0 returns baddr of kernel32/base *
|
|
************************************************/
|
|
void *get_peb_data(int reqEntry) {
|
|
void *kernelMz;
|
|
peb *peb;
|
|
ldr_data_table_entry *ldte;
|
|
|
|
char kernelName[50];
|
|
|
|
|
|
#if defined(__amd64__)
|
|
#define KERNELNAME_LEN 10
|
|
__asm__("mov %%fs:0x60, %0;\r\n"
|
|
: "=r" (peb)
|
|
:
|
|
: "rax");
|
|
kernelName[0] = 'K';
|
|
kernelName[1] = 'E';
|
|
kernelName[2] = 'R';
|
|
kernelName[3] = 'N';
|
|
kernelName[4] = 'E';
|
|
kernelName[5] = 'L';
|
|
kernelName[6] = 'B';
|
|
kernelName[7] = 'A';
|
|
kernelName[8] = 'S';
|
|
kernelName[9] = 'E';
|
|
|
|
#else
|
|
#define KERNELNAME_LEN 8
|
|
__asm__("mov %%fs:0x30, %0;"
|
|
: "=r" (peb)
|
|
:
|
|
: "eax");
|
|
kernelName[0] = 'K';
|
|
kernelName[1] = 'E';
|
|
kernelName[2] = 'R';
|
|
kernelName[3] = 'N';
|
|
kernelName[4] = 'E';
|
|
kernelName[5] = 'L';
|
|
kernelName[6] = '3';
|
|
kernelName[7] = '2';
|
|
#endif
|
|
if (reqEntry == 0) {
|
|
ldte = (ldr_data_table_entry *)peb->pLdr->InInitializationOrderModuleList.next;
|
|
while (-1 == ascii_ucode_find(kernelName, ldte->BaseDllName, KERNELNAME_LEN))
|
|
ldte = (ldr_data_table_entry *)ldte->InInitializationOrderModuleList.next;
|
|
return ldte->DllBase;
|
|
}
|
|
if (reqEntry == 1) {
|
|
return peb->lpImageBaseAddress;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
|