Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <Windows.h>
- #include <stdio.h>
- void _log(UINT64 data) {
- char text[200];
- sprintf_s(text, "%p", data);
- MessageBoxA(0, text, "123", 0);
- }
- typedef struct _UNICODE_STRING_WOW64 {
- USHORT Length;
- USHORT MaximumLength;
- PVOID64 Buffer;
- } UNICODE_STRING;
- typedef struct {
- LIST_ENTRY Orders[3];
- PVOID64 base;
- PVOID64 EntryPoint;
- UINT Size;
- UNICODE_STRING dllFullPath;
- UNICODE_STRING dllname;
- } LDR_ENTRY;
- void _logStr(CHAR* data) {
- char text[200];
- sprintf_s(text, "%s", data);
- MessageBoxA(0, text, "123", 0);
- }
- PVOID64 GetModuleBase(LPWSTR moduleName) {
- UINT64 peb = (UINT64)__readgsqword(0x60);
- UINT64 moduleListAddr = *(UINT64*)(peb + 0x18);
- PVOID64 flink = *(PVOID64*)(moduleListAddr + 0x18);
- LDR_ENTRY *mod = (LDR_ENTRY*)flink;
- do
- {
- mod = (LDR_ENTRY*)mod->Orders[0].Flink;
- if (mod->base != NULL)
- {
- if (!lstrcmpiW((LPCWSTR)mod->dllname.Buffer, moduleName))
- {
- return mod->base;
- }
- }
- } while ((UINT64)flink != (UINT64)mod);
- return 0;
- }
- int main() {
- UINT64 p = (UINT64)GetModuleBase((LPWSTR)L"kernel32.dll");
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
