Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <Windows.h>
- #include <stdio.h>
- void _log(UINT64 data) {
- char text[200];
- sprintf_s(text, "%p", data);
- MessageBoxA(0, text, "123", 0);
- }
- typedef struct _PEB_LDR_DATA {
- BYTE Reserved1[8];
- PVOID64 Reserved2[3];
- LIST_ENTRY64 InMemoryOrderModuleList;
- } PEB_LDR_DATA;
- typedef struct _UNICODE_STRING_WOW64 {
- USHORT Length;
- USHORT MaximumLength;
- PVOID64 Buffer;
- } UNICODE_STRING;
- typedef struct _LDR_DATA_TABLE_ENTRY {
- PVOID64 Reserved1[2];
- LIST_ENTRY64 InMemoryOrderLinks;
- PVOID64 Reserved2[2];
- PVOID64 DllBase;
- PVOID64 EntryPoint;
- PVOID64 Reserved3;
- UNICODE_STRING FullDllName;
- BYTE Reserved4[8];
- PVOID64 Reserved5[3];
- union {
- ULONG CheckSum;
- PVOID64 Reserved6;
- };
- ULONG TimeDateStamp;
- } LDR_DATA_TABLE_ENTRY;
- typedef struct _PEB64 {
- BYTE Reserved[16];
- PVOID64 ImageBaseAddress;
- PVOID64 LdrData;
- PVOID64 ProcessParameters;
- } PEB64;
- void _logStr(CHAR* data) {
- char text[200];
- sprintf_s(text, "%s", data);
- MessageBoxA(0, text, "123", 0);
- }
- int main() {
- PEB64 ldr = *(PEB64*)(__readgsqword(0x60));
- PEB_LDR_DATA ldrData = *(PEB_LDR_DATA*)ldr.LdrData;
- LIST_ENTRY64 headFlink = (LIST_ENTRY64)ldrData.InMemoryOrderModuleList;
- LIST_ENTRY64 first = *(LIST_ENTRY64*)headFlink.Flink;
- UINT64 entryAddr = headFlink.Flink;
- LIST_ENTRY64 currentListEntry = *(LIST_ENTRY64*)entryAddr;
- while (currentListEntry.Flink != headFlink.Flink) {
- currentListEntry = *(LIST_ENTRY64*)entryAddr;
- LDR_DATA_TABLE_ENTRY entry = *(LDR_DATA_TABLE_ENTRY*)(entryAddr + 0x10);
- /*
- Чекай entry.FullDllName
- Парси от entry.DllBase
- */
- _log(entry.CheckSum);
- entryAddr = currentListEntry.Flink;
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement