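/// Enumerates the modules on the target process's loader list
/// (PEB -> Ldr -> InLoadOrderModuleList) and stores them in `result`.
///
/// Every value consumed here (list links, DllBase, SizeOfImage and the
/// FullDllName descriptor) is read out of the inspected process, so it is
/// treated as untrusted input: lengths are clamped and failed reads stop the walk.
///
/// @param result  Receives one ModuleData per list entry; cleared on entry.
/// @return Number of entries stored in `result` (0 if the PEB or loader data
///         could not be read).
size_t Native::EnumModulesT( Native::listModules& result )
{
    typename _PEB_T2<T>::type peb = { { { 0 } } };
    _PEB_LDR_DATA2<T> ldr = { 0 };

    result.clear();

    if (getPEB( &peb ) != 0 && ReadProcessMemoryT( peb.Ldr, &ldr, sizeof(ldr), 0 ) == STATUS_SUCCESS)
    {
        // Address of the list head inside the remote loader data; reaching it again ends the walk.
        const auto listHead = peb.Ldr + FIELD_OFFSET( _PEB_LDR_DATA2<T>, InLoadOrderModuleList );

        // Becomes false when the next link cannot be read. Without this check a failed
        // read leaves `head` unchanged and the loop would re-add the same entry forever.
        bool linkRead = true;

        // NOTE(review): a list whose links never lead back to listHead still loops
        // without bound; consider an upper limit on the number of entries.
        for (T head = ldr.InLoadOrderModuleList.Flink;
              linkRead && head != listHead;
              linkRead = (ReadProcessMemoryT( static_cast<ptr_t>(head), &head, sizeof(head), 0 ) == STATUS_SUCCESS))
        {
            ModuleData data;
            wchar_t localPath[512] = { 0 };
            _LDR_DATA_TABLE_ENTRY_BASE<T> localdata = { { 0 } };

            // An unreadable entry would otherwise be recorded as a module with base 0 and an empty path.
            if (ReadProcessMemoryT( head, &localdata, sizeof(localdata), 0 ) != STATUS_SUCCESS)
                break;

            // FullDllName.Length is a byte count taken from remote memory. Clamp it so the
            // copy cannot run past localPath and the final wchar_t stays a terminator.
            const size_t maxPathBytes = sizeof(localPath) - sizeof(wchar_t);
            size_t pathBytes = localdata.FullDllName.Length;
            if (pathBytes > maxPathBytes)
                pathBytes = maxPathBytes;

            // A failed path read keeps the entry but with an empty path.
            if (ReadProcessMemoryT( localdata.FullDllName.Buffer, localPath, pathBytes, 0 ) != STATUS_SUCCESS)
                localPath[0] = L'\0';

            data.baseAddress = localdata.DllBase;
            data.size = localdata.SizeOfImage;
            data.fullPath = Utils::ToLower( localPath );
            data.name = Utils::StripPath( data.fullPath );
            data.manual = false;
            // T is the pointer width of the loader structures being read: DWORD selects the 32-bit type.
            data.type = std::is_same<T, DWORD>::value ? mt_mod32 : mt_mod64;

            result.emplace_back( data );
        }
    }

    return result.size();
}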
示例#2
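/// Enumerates the modules on the target process's loader list
/// (PEB -> Ldr -> InLoadOrderModuleList).
///
/// Every value consumed here (list links, DllBase, SizeOfImage and the
/// FullDllName descriptor) is read out of the inspected process, so it is
/// treated as untrusted input: lengths are clamped and failed reads stop the walk.
///
/// @return One shared, immutable ModuleData per list entry; empty if the PEB or
///         loader data could not be read (a trace message is emitted in that case).
std::vector<ModuleDataPtr> Native::EnumModulesT()
{
    NTSTATUS status = STATUS_SUCCESS;
    _PEB_T<T> peb = { };
    _PEB_LDR_DATA2_T<T> ldr = { };
    std::vector<ModuleDataPtr> result;

    if (getPEB( &peb ) != 0 && ReadProcessMemoryT( peb.Ldr, &ldr, sizeof( ldr ), 0 ) == STATUS_SUCCESS)
    {
        // Address of the list head inside the remote loader data; reaching it again ends the walk.
        const auto listHead = peb.Ldr + FIELD_OFFSET( _PEB_LDR_DATA2_T<T>, InLoadOrderModuleList );

        // NOTE(review): a list whose links never lead back to listHead still loops
        // without bound; consider an upper limit on the number of entries.
        for (T head = ldr.InLoadOrderModuleList.Flink;
            NT_SUCCESS( status ) && head != listHead;
            status = ReadProcessMemoryT( static_cast<ptr_t>(head), &head, sizeof( head ) ))
        {
            ModuleData data;
            wchar_t localPath[512] = { 0 };
            _LDR_DATA_TABLE_ENTRY_BASE_T<T> localdata = { { 0 } };

            // An unreadable entry would otherwise be recorded as a module with base 0 and an empty path.
            status = ReadProcessMemoryT( head, &localdata, sizeof( localdata ), 0 );
            if (!NT_SUCCESS( status ))
                break;

            // FullDllName.Length is a byte count taken from remote memory. Clamp it so the
            // copy cannot run past localPath and the final wchar_t stays a terminator.
            const size_t maxPathBytes = sizeof( localPath ) - sizeof( wchar_t );
            size_t pathBytes = localdata.FullDllName.Length;
            if (pathBytes > maxPathBytes)
                pathBytes = maxPathBytes;

            // A failed path read keeps the entry but with an empty path.
            if (!NT_SUCCESS( ReadProcessMemoryT( localdata.FullDllName.Buffer, localPath, pathBytes ) ))
                localPath[0] = L'\0';

            data.baseAddress = localdata.DllBase;
            data.size = localdata.SizeOfImage;
            data.fullPath = Utils::ToLower( localPath );
            data.name = Utils::StripPath( data.fullPath );
            // T is the pointer width of the loader structures being read: narrower than 64 bits selects the 32-bit type.
            data.type = (sizeof( T ) < sizeof( uint64_t )) ? mt_mod32 : mt_mod64;
            // Remote address of this loader entry, kept alongside the copied fields.
            data.ldrPtr = static_cast<ptr_t>(head);
            data.manual = false;

            result.emplace_back( std::make_shared<const ModuleData>( data ) );
        }
    }
    else
    {
        BLACKBONE_TRACE( L"NativeModules: Failed to get PEB/LDR address. Not yet initialized" );
    }

    return result;
}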
示例#3
文件: main.c 项目: maldevel/Peteb
/*
 * Program entry point.
 *
 * Calls the project helpers getTEB() and getPEB() in that order and keeps the
 * returned pointers in locals; nothing is printed or inspected here.
 * Presumably these are the calling thread's TEB and the current process's PEB;
 * confirm against the helper definitions.
 *
 * Always returns EXIT_SUCCESS.
 */
int main(int argc, char **argv)
{
    PTEB teb;
    PPEB peb;

    /* Command-line arguments are not used. */
    (void)argc;
    (void)argv;

    teb = getTEB();
    peb = getPEB();

    /* The pointers are fetched but not examined. */
    (void)teb;
    (void)peb;

    return EXIT_SUCCESS;
}