void HideDll(IN DWORD SEPROCESS)
{
DWORD ipPEB;
PLIST_ENTRY Head,Cur;
PPEB_LDR_DATA ldr;
PLDR_MODULE ldm;
PPEB pPEB;
ipPEB=*((DWORD*)(SEPROCESS + 0x1B0));
pPEB=(PPEB)ipPEB;
//
获取到进程PEB指针地址。
Head = &(pPEB->Ldr->InLoadOrderModuleList);
Cur = Head->Flink;
do
ldm = CONTAINING_RECORD( Cur, LDR_MODULE, InLoadOrderModuleList);
DbgPrint(
"基地址 [0x%X] 名称[%S]\n"
,ldm->BaseAddress,ldm->BaseDllName.Buffer);
Cur= Cur->Flink;
}
while
(Head != Cur);
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
