hypeartist · May 31, 2021 13:01
diff --git a/1.cs b/1.cs
 using System;
 using System.Runtime.CompilerServices;
 using System.Threading;

 namespace CoreClrDebugTarget
 {
 	class Program
 	{
 		internal static unsafe void Main(string[] args)
 		{
 			var currentThread = Thread.CurrentThread;
 #if true	// .NET 6.0
 			const int fieldOffset = 0x5;
 #else		// .NET Core 3.0, 3.1, .NET 5.0
 			const int fieldOffset = 0x6;
 #endif
 			var hThread = *((IntPtr*)*(IntPtr*)Unsafe.AsPointer(ref currentThread) + fieldOffset);

 			var peb = *(Peb*)(*((IntPtr*) hThread + 0x13) - Environment.SystemPageSize);
 			var pPebEntry = (LdrDataTableEntry*)peb.Ldr->InMemoryOrderModuleList.Flink;
 			var pebEntry = *pPebEntry;
 			var pHeadEntry = pPebEntry;
 			while (true)
 			{
 				pPebEntry = (LdrDataTableEntry*)pebEntry.InMemoryOrderLinks.Flink;
 				pebEntry = *pPebEntry;
 				if (pPebEntry == pHeadEntry || pebEntry.DllBase == null) break;
 				var moduleName = new string(pebEntry.BaseDllName.Buffer, 0, pebEntry.BaseDllName.Length >> 1);
 				var moduleBase = $"0x{(IntPtr) pebEntry.DllBase:x16}";
 				Console.WriteLine($"{moduleName}: {moduleBase}");
 			}

 			Console.WriteLine("Hello PEB!");
 			Console.ReadKey();
 		}
 	}

 	public unsafe readonly struct ListEntry
 	{
 		public readonly void* Flink;
 		public readonly void* Blink;
 	}

 	public unsafe readonly struct PebLdrData
 	{
 		private readonly byte _1;
 		private readonly byte _2;
 		private readonly byte _3;
 		private readonly byte _4;
 		private readonly byte _5;
 		private readonly byte _6;
 		private readonly byte _7;
 		private readonly byte _8;
 		private readonly void* _9;
 		private readonly void* _10;
 		private readonly void* _11;
 		public readonly ListEntry InMemoryOrderModuleList;
 	}

 	public unsafe readonly struct Peb
 	{
 		private readonly byte _1;
 		private readonly byte _2;
 		private readonly byte _3;
 		private readonly byte _4;
 		private readonly byte _5;
 		private readonly void* _6;
 		private readonly void* _7;
 		public readonly PebLdrData* Ldr;
 	}

 	public unsafe readonly struct UnicodeString
 	{
 		public readonly ushort Length;
 		public readonly ushort MaximumLength;
 		public readonly char* Buffer;
 	}

 	public unsafe readonly struct LdrDataTableEntry
 	{
 		public readonly ListEntry InMemoryOrderLinks;
 		public readonly ListEntry InInitializationOrderList;
 		public readonly void* DllBase;
 		public readonly void* EntryPoint;
 		private readonly void* _1;
 		public readonly UnicodeString FullDllName;
 		public readonly UnicodeString BaseDllName;
 	}
 }
	using System;
	using System.Runtime.CompilerServices;
	using System.Threading;

	namespace CoreClrDebugTarget
	{
	class Program
	{
	internal static unsafe void Main(string[] args)
	{
	var currentThread = Thread.CurrentThread;
	#if true // .NET 6.0
	const int fieldOffset = 0x5;
	#else // .NET Core 3.0, 3.1, .NET 5.0
	const int fieldOffset = 0x6;
	#endif
	var hThread = ((IntPtr)(IntPtr)Unsafe.AsPointer(ref currentThread) + fieldOffset);

	var peb = (Peb)(((IntPtr) hThread + 0x13) - Environment.SystemPageSize);
	var pPebEntry = (LdrDataTableEntry*)peb.Ldr->InMemoryOrderModuleList.Flink;
	var pebEntry = *pPebEntry;
	var pHeadEntry = pPebEntry;
	while (true)
	{
	pPebEntry = (LdrDataTableEntry*)pebEntry.InMemoryOrderLinks.Flink;
	pebEntry = *pPebEntry;
	if (pPebEntry == pHeadEntry \|\| pebEntry.DllBase == null) break;
	var moduleName = new string(pebEntry.BaseDllName.Buffer, 0, pebEntry.BaseDllName.Length >> 1);
	var moduleBase = $"0x{(IntPtr) pebEntry.DllBase:x16}";
	Console.WriteLine($"{moduleName}: {moduleBase}");
	}

	Console.WriteLine("Hello PEB!");
	Console.ReadKey();
	}
	}

	public unsafe readonly struct ListEntry
	{
	public readonly void* Flink;
	public readonly void* Blink;
	}

	public unsafe readonly struct PebLdrData
	{
	private readonly byte _1;
	private readonly byte _2;
	private readonly byte _3;
	private readonly byte _4;
	private readonly byte _5;
	private readonly byte _6;
	private readonly byte _7;
	private readonly byte _8;
	private readonly void* _9;
	private readonly void* _10;
	private readonly void* _11;
	public readonly ListEntry InMemoryOrderModuleList;
	}

	public unsafe readonly struct Peb
	{
	private readonly byte _1;
	private readonly byte _2;
	private readonly byte _3;
	private readonly byte _4;
	private readonly byte _5;
	private readonly void* _6;
	private readonly void* _7;
	public readonly PebLdrData* Ldr;
	}

	public unsafe readonly struct UnicodeString
	{
	public readonly ushort Length;
	public readonly ushort MaximumLength;
	public readonly char* Buffer;
	}

	public unsafe readonly struct LdrDataTableEntry
	{
	public readonly ListEntry InMemoryOrderLinks;
	public readonly ListEntry InInitializationOrderList;
	public readonly void* DllBase;
	public readonly void* EntryPoint;
	private readonly void* _1;
	public readonly UnicodeString FullDllName;
	public readonly UnicodeString BaseDllName;
	}
	}