Skip to content

Instantly share code, notes, and snippets.

@okumura

okumura/mw32getpebldrdata.c

Created October 26, 2013 19:49
Show Gist options
  • Save okumura/7173722 to your computer and use it in GitHub Desktop.
Save okumura/7173722 to your computer and use it in GitHub Desktop.
Download ZIP
Get PEB_LDR_DATA for Windows.
Raw
mw32getpebldrdata.c
typedef struct PEB_LDR_DATA {
ULONG Length;
BOOLEAN Initialized;
PVOID SsHandle;
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
PPEB_LDR_DATA mw32GetPebLdrData() {
#if defined(_WIN64)
UINT64 uiPeb = __readgsqword(0x60);
PBYTE pPeb = (PBYTE) (UINT_PTR) uiPeb;
PUINT64 ppPebLdrData = (PUINT64) (pPeb + 0x18);
return (PPEB_LDR_DATA) ((UINT_PTR) *ppPebLdrData);
#else
UINT32 uiPeb = __readfsdword(0x30);
PBYTE pPeb = (PBYTE) (UINT_PTR) uiPeb;
PUINT32 ppPebLdrData = (PUINT32) (pPeb + 0x0C);
return (PPEB_LDR_DATA) ((UINT_PTR) *ppPebLdrData);
#endif
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment