mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-07-05 09:52:02 +00:00
vxug-MalwareSourceCode/Win32/Proof of Concepts/GetKernel32Addressx64
last commit: vxunderground 900263ea6f "updates and moves", 2022-04-11 20:00:13 -05:00

files:
GetKernel32Addressx64
GetKernel32Addressx64.sln
ReadMe.txt

ReadMe.txt:

in x64
1. get the PEB from gs:[0x60] (TEB.ProcessEnvironmentBlock) via the separate asm file, since the MSVC x64 compiler has no inline assembler
2. get Ldr from the PEB (PEB.Ldr, offset 0x18)
3. take kernel32 as the third module in the list:
   ntdll -> kernelbase -> kernel32

in x86
1. get the PEB from fs:[0x30] via inline asm
2. get Ldr from the PEB (PEB.Ldr, offset 0x0C)
3. take kernel32 as the second module in the list:
   ntdll -> kernel32

The offset of the PEB within the TEB (0x60 vs 0x30) and the field offsets inside the PEB and PEB_LDR_DATA differ between x64 and x86.
The module order above is not guaranteed across Windows versions (it already differs between the two cases listed), so picking the Nth entry only works where it has been checked; matching the entry's BaseDllName is the portable approach.
This demo has only been tested on Win7 x64.
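The steps above, carried through in C as an added example; this is not code from the vxunderground repository. It walks PEB -> Ldr -> InLoadOrderModuleList and matches BaseDllName case-insensitively instead of counting to the second or third entry, so it gives the same result on either list and either architecture. The struct definitions (LIST_ENTRY_, UNICODE_STRING_, PEB_LDR_DATA_, LDR_DATA_TABLE_ENTRY_, PEB_) are my own minimal declarations of the well-known public leading fields, named with a trailing underscore to avoid clashing with the Windows headers; current_peb(), find_module(), build_mock_peb() and mock_lookup() are names chosen here. The PEB read is compiled only on Windows; everywhere else the walk runs over a constructed in-memory module list so the logic can be exercised offline.

```c
/* Added example, not code from the vxunderground repository: find kernel32.dll by
 * walking PEB -> Ldr -> InLoadOrderModuleList and matching BaseDllName, so the
 * result does not depend on kernel32 being the 2nd or 3rd module. Struct layouts
 * are the public leading fields of PEB, PEB_LDR_DATA and LDR_DATA_TABLE_ENTRY.
 * The PEB read (gs:[0x60] x64, fs:[0x30] x86) is Windows-only; the self-test
 * walks a constructed in-memory module list instead. */
#include <stdint.h>
#include <stdio.h>

typedef struct LIST_ENTRY_ { struct LIST_ENTRY_ *Flink, *Blink; } LIST_ENTRY_;
typedef struct { uint16_t Length, MaximumLength; uint16_t *Buffer; } UNICODE_STRING_;
typedef struct {
    uint32_t Length; uint8_t Initialized; void *SsHandle;
    LIST_ENTRY_ InLoadOrderModuleList;          /* 0x10 (x64) / 0x0C (x86) */
    LIST_ENTRY_ InMemoryOrderModuleList, InInitializationOrderModuleList;
} PEB_LDR_DATA_;
typedef struct {
    LIST_ENTRY_ InLoadOrderLinks;               /* first field: list node == entry */
    LIST_ENTRY_ InMemoryOrderLinks, InInitializationOrderLinks;
    void *DllBase, *EntryPoint;                 /* DllBase 0x30 (x64) / 0x18 (x86) */
    uint32_t SizeOfImage;
    UNICODE_STRING_ FullDllName, BaseDllName;   /* BaseDllName 0x58 (x64) / 0x2C (x86) */
} LDR_DATA_TABLE_ENTRY_;
typedef struct {
    uint8_t InheritedAddressSpace, ReadImageFileExecOptions, BeingDebugged, BitField;
    void *Mutant, *ImageBaseAddress;
    PEB_LDR_DATA_ *Ldr;                         /* 0x18 (x64) / 0x0C (x86) */
} PEB_;

#ifdef _WIN32
#ifdef _MSC_VER
#include <intrin.h>
#endif
static PEB_ *current_peb(void) {                /* TEB.ProcessEnvironmentBlock */
#if defined(_MSC_VER) && defined(_WIN64)
    return (PEB_ *)__readgsqword(0x60);
#elif defined(_MSC_VER)
    return (PEB_ *)__readfsdword(0x30);
#elif defined(_WIN64)
    PEB_ *p; __asm__ volatile ("movq %%gs:0x60, %0" : "=r"(p)); return p;
#else
    PEB_ *p; __asm__ volatile ("movl %%fs:0x30, %0" : "=r"(p)); return p;
#endif
}
#endif

static uint16_t fold(uint16_t c) { return (c >= 'A' && c <= 'Z') ? (uint16_t)(c + 32) : c; }

/* Counted UTF-16 (Length in bytes, no terminator guaranteed) vs NUL-terminated name, ASCII case-insensitive. */
static int name_equals(const UNICODE_STRING_ *s, const uint16_t *name) {
    size_t n = s->Length / 2, i;
    for (i = 0; i < n; i++)
        if (name[i] == 0 || fold(s->Buffer[i]) != fold(name[i])) return 0;
    return name[n] == 0;
}

/* DllBase of the first module whose BaseDllName matches, or NULL; the full walk makes order irrelevant. */
void *find_module(const PEB_ *peb, const uint16_t *name) {
    const LIST_ENTRY_ *head = &peb->Ldr->InLoadOrderModuleList, *cur;
    for (cur = head->Flink; cur != head; cur = cur->Flink) {
        const LDR_DATA_TABLE_ENTRY_ *e = (const LDR_DATA_TABLE_ENTRY_ *)cur;
        if (e->BaseDllName.Buffer && name_equals(&e->BaseDllName, name)) return e->DllBase;
    }
    return NULL;
}

/* Constructed sample process (not captured from a real machine) in Win7 load order:
 * exe, ntdll, kernel32, KernelBase. In the initialization-order list kernel32 comes
 * after KernelBase (the sequence the ReadMe gives), so position counting is fragile. */
static uint16_t n_exe[] = {'d','e','m','o','.','e','x','e'};
static uint16_t n_nt[]  = {'n','t','d','l','l','.','d','l','l'};
static uint16_t n_k32[] = {'K','E','R','N','E','L','3','2','.','D','L','L'};  /* exercises case folding */
static uint16_t n_kb[]  = {'K','e','r','n','e','l','B','a','s','e','.','d','l','l'};
static LDR_DATA_TABLE_ENTRY_ mock_mods[4]; static PEB_LDR_DATA_ mock_ldr; static PEB_ mock_peb;

static PEB_ *build_mock_peb(void) {
    uint16_t *names[4] = {n_exe, n_nt, n_k32, n_kb};
    uint16_t lens[4]   = {sizeof n_exe, sizeof n_nt, sizeof n_k32, sizeof n_kb};
    uintptr_t bases[4] = {0x400000, 0x77D00000, 0x77A00000, 0x76F00000};   /* made-up bases */
    LIST_ENTRY_ *head = &mock_ldr.InLoadOrderModuleList; head->Flink = head->Blink = head;
    for (int i = 0; i < 4; i++) {               /* append each entry at the tail */
        LDR_DATA_TABLE_ENTRY_ *e = &mock_mods[i];
        e->DllBase = (void *)bases[i];
        e->BaseDllName.Length = e->BaseDllName.MaximumLength = lens[i];
        e->BaseDllName.Buffer = names[i];
        e->InLoadOrderLinks.Flink = head; e->InLoadOrderLinks.Blink = head->Blink;
        head->Blink->Flink = &e->InLoadOrderLinks; head->Blink = &e->InLoadOrderLinks;
    }
    mock_peb.Ldr = &mock_ldr;
    return &mock_peb;
}

static const uint16_t KERNEL32_NAME[] = {'k','e','r','n','e','l','3','2','.','d','l','l',0};
static const uint16_t NTDLL_NAME[]    = {'n','t','d','l','l','.','d','l','l',0};

uintptr_t mock_lookup(const uint16_t *name) { return (uintptr_t)find_module(build_mock_peb(), name); }

int main(void) {
#ifdef _WIN32
    printf("live kernel32.dll base: %p\n", find_module(current_peb(), KERNEL32_NAME));
#endif
    printf("mock kernel32.dll base: 0x%lx\n", (unsigned long)mock_lookup(KERNEL32_NAME));
    return 0;
}
```

On a Windows build the same find_module() runs against the real PEB, and the mixed-case mock entry shows why the comparison must fold case: the loader records the name as it was on disk or in the import table, not in a canonical form. Because InLoadOrderLinks is the first field of LDR_DATA_TABLE_ENTRY, the list pointer is the entry pointer; for the other two lists a CONTAINING_RECORD-style subtraction would be needed.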