- ;---------------------------------------------
- ; Get DLL List without API
- ; Copyright (C) by ManHunter / PCL
- ; http://www.manhunter.ru
- ;---------------------------------------------
- format PE console 4.0
- entry start
- include 'win32wx.inc'
- ;---------------------------------------------
- struct UNICODE_STRING ; counted UTF-16 string descriptor, 32-bit layout (8 bytes)
- Length dw ? ; size of the string currently in Buffer, in bytes
- MaximumLength dw ? ; allocated size of Buffer, in bytes
- Buffer dd ? ; 32-bit pointer to the UTF-16 characters; a counted string is not guaranteed to be NUL-terminated
- ends
- struct LIST_ENTRY ; node links of a circular doubly linked list, 32-bit layout (8 bytes)
- Flink dd ? ; pointer to the next node's LIST_ENTRY
- Blink dd ? ; pointer to the previous node's LIST_ENTRY
- ends
- struct LDR_DATA_ENTRY ; partial view of a loader module entry, addressed from one of its link fields (32-bit, undocumented layout)
- InMemoryOrderModuleList LIST_ENTRY ; links followed by the walk; NOTE(review): the walk enters at PEB_LDR_DATA+0x1C, labelled InInitializationOrderModuleList in the code, so this field overlays those links despite its name
- BaseAddress dd ? ; module load address; the walk treats 0 here as end of list
- EntryPoint dd ? ; module entry point address
- SizeOfImage dd ? ; size of the mapped image, in bytes
- FullDllName UNICODE_STRING ; full path of the module
- BaseDllName UNICODE_STRING ; file name of the module without the path
- Flags dd ? ; not read by this program
- LoadCount dw ? ; not read by this program
- TlsIndex dw ? ; not read by this program
- HashTableEntry LIST_ENTRY ; not read by this program
- TimeDateStamp dd ? ; not read by this program
- ends
- ;---------------------------------------------
- section '.data' data readable writeable ; writable data used by the output loop
- mask du 'Module: "%s" BaseAddress: %08Xh EntryPoint: %08Xh',13,10,0 ; UTF-16 wsprintf format: module path, base and entry point as 8 hex digits, CR LF
- buff du 1024 dup 0 ; output buffer of 1024 UTF-16 units that wsprintf fills for each module
- dummy dd 0 ; receives WriteConsole's characters-written count; the value is never read
- ;---------------------------------------------
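- section '.code' code readable executable
- ;---------------------------------------------
- ; start: print every loaded module (full path, base address, entry
- ; point) by reading the loader's module list through the PEB instead
- ; of calling a module-enumeration API.
- ; Assumes a 32-bit process: FS:[0x30], 0x0C and 0x1C are offsets into
- ; undocumented 32-bit structures and are not a stable contract.
- ; Register roles (EBX/ESI/EDI are preserved by the stdcall/cdecl callees):
- ;   EBX = current list entry, EDI = list head, ESI = console output handle
- ;---------------------------------------------
- start:
- ; EAX -> PEB
- mov eax,[fs:0x30]
- ; EAX -> PEB_LDR_DATA
- mov eax,[eax+0x0C]
- ; EDI -> InInitializationOrderModuleList (the list head inside PEB_LDR_DATA)
- lea edi,[eax+0x1C]
- ; EBX -> first entry (head.Flink)
- mov ebx,[edi]
- invoke GetStdHandle,STD_OUTPUT_HANDLE
- mov esi,eax
- .next:
- ; The list is circular: being back at the head means every module was
- ; visited. The head is not a module entry, so it must not be read through
- ; LDR_DATA_ENTRY; ending only on a zero BaseAddress depended on whatever
- ; dword happens to follow the head in PEB_LDR_DATA being zero.
- cmp ebx,edi
- je .done
- ; Secondary guard: also stop at an entry that has no base address
- cmp [ebx+LDR_DATA_ENTRY.BaseAddress],0
- je .done
- ; %s expects a NUL-terminated string while FullDllName is a counted
- ; string, so this relies on the loader terminating it - TODO confirm
- cinvoke wsprintf,buff,mask,[ebx+LDR_DATA_ENTRY.FullDllName.Buffer],\
- [ebx+LDR_DATA_ENTRY.BaseAddress],\
- [ebx+LDR_DATA_ENTRY.EntryPoint]
- ; EAX = number of characters wsprintf stored = characters to write
- invoke WriteConsole,esi,buff,eax,dummy,0
- ; Advance to the next entry
- mov ebx,[ebx+LDR_DATA_ENTRY.InMemoryOrderModuleList.Flink]
- jmp .next
- .done:
- invoke ExitProcess,0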
- ;---------------------------------------------
- section '.idata' import data readable writeable
- library kernel32,'kernel32.dll',\
- user32,'user32.dll'
- include 'api\kernel32.inc'
- include 'api\user32.inc'