- ;---------------------------------------------
- ; Get DLL List without API
- ; Copyright (C) by ManHunter / PCL
- ; http://www.manhunter.ru
- ;---------------------------------------------
- format PE console 4.0 ; 32-bit PE image (not PE64) for the console subsystem; the fs:[30h] PEB access and dd-sized pointers below depend on this
- entry start ; execution begins at the label start
- include 'win32w.inc'
- ;---------------------------------------------
- struct UNICODE_STRING ; counted UTF-16 string descriptor, 8 bytes with 32-bit pointers
- Length dw ? ; length of the string in bytes, per the Windows UNICODE_STRING definition; not read by this program
- MaximumLength dw ? ; allocated size of Buffer in bytes; not read by this program
- Buffer dd ? ; 32-bit pointer to the UTF-16 characters; the walker passes it to wsprintf %s, which assumes NUL termination
- ends
- struct LIST_ENTRY ; doubly linked list node made of two 32-bit pointers
- Flink dd ? ; forward link: address of the next node's LIST_ENTRY (followed by the walker)
- Blink dd ? ; backward link: address of the previous node's LIST_ENTRY (not read by this program)
- ends
- struct LDR_DATA_ENTRY ; partial view of a loader module entry, based at the list links the walker follows (OS-internal layout, 32-bit offsets)
- InMemoryOrderModuleList LIST_ENTRY ; links the walker follows; NOTE(review): the walker reaches them through PEB_LDR_DATA+1Ch, which its own comment calls InInitializationOrderModuleList, so this field name looks like a misnomer - confirm
- BaseAddress dd ? ; module image base; printed by the walker
- EntryPoint dd ? ; module entry point address; printed by the walker
- SizeOfImage dd ? ; not read by this program
- FullDllName UNICODE_STRING ; full path of the module; only its Buffer pointer is used
- BaseDllName UNICODE_STRING ; not read by this program
- Flags dd ? ; not read by this program
- LoadCount dw ? ; not read by this program
- TlsIndex dw ? ; not read by this program
- HashTableEntry LIST_ENTRY ; not read by this program
- TimeDateStamp dd ? ; not read by this program
- ends
- ;---------------------------------------------
- section '.text' code readable executable ; one read/execute section holding the import data, the format string and the code
- align 10h
- data import ; import directory; the code below calls only console I/O, wsprintf and ExitProcess from it - the module walk itself uses no import
- library kernel32,'kernel32.dll',\
- user32,'user32.dll'
- include 'api/kernel32.inc'
- include 'api/user32.inc'
- end data
- align 10h
- mask du 'Module: "%s"',13,10,'BaseAddress: %08Xh EntryPoint: %08Xh',13,10,13,10,0 ; UTF-16 wsprintf format: module path, then base and entry point as 8 hex digits, CRLF separated
- align 10h
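- start:
- ; Enumerate loaded modules by walking the loader list reachable from the PEB
- ; instead of calling an enumeration API, printing each module's full path,
- ; base address and entry point, then wait for a key press and exit.
- ; The offsets used (fs:[30h], +0Ch, +1Ch) are for the 32-bit PEB / PEB_LDR_DATA
- ; layout, which is OS-internal and not a stable contract.
- ; The list is read without the loader lock, so a concurrent load or unload can
- ; change it mid-walk; acceptable for this single-threaded demo only.
- ; Because no enumeration API is called, API-level monitoring does not observe
- ; this walk; it is usually recognised by the fs:[30h] -> +0Ch -> +1Ch access chain.
- ; Registers: EDI = list head address, EBX = current entry links, ESI = console
- ; handle; all three are preserved by the Win32 APIs invoked below.
- ; EAX -> PEB
- mov eax,[fs:0x30]
- ; EAX -> PEB_LDR_DATA
- mov eax,[eax+0x0C]
- ; EDI -> InInitializationOrderModuleList head inside PEB_LDR_DATA
- lea edi,[eax+0x1C]
- ; EBX -> links of the first entry
- mov ebx,[edi]
- invoke GetStdHandle,STD_OUTPUT_HANDLE
- mov esi,eax
- .next_module:
- ; The list is circular: Flink of the last entry points back at the head.
- ; Stop there instead of testing BaseAddress==0, which read the PEB_LDR_DATA
- ; field that follows the head and only worked while that field was zero.
- cmp ebx,edi
- je .done
- ; %s assumes FullDllName.Buffer is NUL-terminated; the counted Length is not used
- cinvoke wsprintf,buff,mask,[ebx+LDR_DATA_ENTRY.FullDllName.Buffer],\
- [ebx+LDR_DATA_ENTRY.BaseAddress],\
- [ebx+LDR_DATA_ENTRY.EntryPoint]
- ; EAX = number of characters wsprintf stored; write exactly that many
- invoke WriteConsole,esi,buff,eax,dummy,0
- ; Pointer to the next entry
- mov ebx,[ebx+LDR_DATA_ENTRY.InMemoryOrderModuleList.Flink]
- jmp .next_module
- .done:
- ; Get the standard input (stdin) handle
- invoke GetStdHandle,STD_INPUT_HANDLE
- mov esi,eax
- ; Set the console mode to 0 so the read below returns without waiting for Enter
- invoke SetConsoleMode,esi,NULL
- ; Wait for any key press
- invoke ReadConsole,esi,buff,1,dummy,0
- invoke ExitProcess,0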
- ;---------------------------------------------
- section '.data' readable writeable ; uninitialized scratch data
- dummy dd ? ; receives the character count reported by WriteConsole / ReadConsole; the value is never read back
- buff du 1024 dup(?) ; 1024 UTF-16 units: wsprintf output buffer, reused as the ReadConsole input buffer