Mirrors
/
Windows-Rootkits
mirror of https://github.com/ciyze0101/Windows-Rootkits
6
0
Fork 0
Code Issues Projects Releases Wiki Activity
Windows-Rootkits/GetKernel32Addressx64
History
LycorisGuard ee2cc8b2b0 Add Comment 
Add Comment
 		2018-08-14 13:58:20 +08:00
..
GetKernel32Addressx64 Add Comment 2018-08-14 13:58:20 +08:00
GetKernel32Addressx64.sln Add files via upload 2016-09-08 20:28:58 +08:00
ReadMe.txt Add Comment 2018-08-14 13:58:20 +08:00

ReadMe.txt 

in x64
1.get peb from fs:[0x60] by asm file
2.get Ldr by peb
3.get kernel32 module in the third module 
ntdll->kernelbase->kernel32

in x86
1.get peb from fs:[0x30] by inline asm
2.get Ldr by peb
3.get kernel32 module in the second module
ntdll->kernel32

the offset in the PEB is different from x64 and x86
This demo is only Test on Win7 x64