XR3X

Jump to content


Photo

GetLoadedDLLFromPEB [FASM]

Started By Jochen , Mar 16 2014 03:36 PM

  • You cannot start a new topic
  • Please log in to reply
4 replies to this topic

#1 Jochen

Jochen

    Intermediate Member

  • Notorious
  • 149 posts
Contributor

Posted 16 March 2014 - 03:36 PM

Please Login or Register to see this Hidden Content


  • kevv, dr.Neuro, H@CK3R_ADI and 2 others like this

#2 Tony

Tony

    Intermediate Member

  • Loyalist
  • 277 posts
Contributor

Posted 16 March 2014 - 04:49 PM

Looks good, thanks ^_^  


#3 karcrack

karcrack

    Advanced Member

  • Members +
  • 435 posts

Posted 16 March 2014 - 06:40 PM

:P FASM MACRO POWAH!!

Please Login or Register to see this Hidden Content


  • Jochen, x58, dr.Neuro and 3 others like this

(PGP ID)

ASM, C, C++, VB6... skilled [malware] developer

#4 Jochen

Jochen

    Intermediate Member

  • Notorious
  • 149 posts
Contributor

Posted 16 March 2014 - 06:56 PM

Nice Karcrack ! as usual :)


#5 Ntoskrnl

Ntoskrnl

    Banned

  • Banned
  • 158 posts

Posted 16 March 2014 - 10:49 PM

"mov ebx, [ebx+LDR_MODULE.ListEntry+LIST_ENTRY.Flink]"

 

InLoadOrderModuleList is first structure in LDR_MODULE and Flink is first item of LIST_ENTRY structure, so why not just do "mov ebx, [ebx]" every time you wish to Flink? Pretty sure "mov ebx, [ebx+LDR_MODULE.ListEntry+LIST_ENTRY.Flink]" evaluates to "mov ebx, [ebx+0+0]"


Edited by Ntoskrnl, 16 March 2014 - 10:55 PM.

  • kuupa likes this
https://twitter.com/MalwareTechBlog irc.malwaretech.com
Back to Resources

  1. HackHound
  2. Programming
  3. Assembler
  4. Resources
  5. Privacy Policy