Answer the question
In order to leave comments, you need to log in
D
D
Dutymy2021-10-27 20:57:02
Dutymy, 2021-10-27 20:57:02
Why is msdn lying to us?
Trying to somehow study the structures of peb and teb, I noticed that the library winternl.hand https://docs.microsoft.com/en-us/windows/win32/api... describes
typedef struct _PEB_LDR_DATA {
BYTE Reserved1[8];
PVOID Reserved2[3];
LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;Although from other sources https://doxygen.reactos.org/d6/d52/struct__PEB__LD...
typedef struct _PEB_LDR_DATA {
/*+0x000*/ unsigned long Length; // Uint4B
/*+0x004*/ unsigned char Initialized; // UChar
/*+0x008*/ void * SsHandle; // Ptr64 Void
/*+0x010*/ LIST_ENTRY InLoadOrderModuleList; // _LIST_ENTRY
/*+0x020*/ LIST_ENTRY InMemoryOrderModuleList; // _LIST_ENTRY
/*+0x030*/ LIST_ENTRY InInitializationOrderModuleList; //_LIST_ENTRY
/*+0x040*/ void * EntryInProgress; // Ptr64 Void
/*+0x048*/ unsigned char ShutdownInProgress; // UChar
/*+0x050*/ void * ShutdownThreadId; // Ptr64 Void
} PEB_LDR_DATA;Actually getting LIST_ENTRY * listEntry = peb->Ldr->InLoadOrderModuleList.Flink is possible, is there a full version
winternl.h?
Similar questions
P
pinguine2017-06-06 17:14:53
Is there any way to check the existence of a city programmatically?
3Reply
D
U
E
R
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question