#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
typedef struct _LDR_MODULE
{
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID BaseAddress;
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
ULONG Flags;
SHORT LoadCount;
SHORT TlsIndex;
LIST_ENTRY HashTableEntry;
ULONG TimeDateStamp;
} LDR_DATA_ENTRY , *PLDR_DATA_ENTRY;
typedef struct _PEB_LDR_DATA
{
ULONG Length;
BOOLEAN Initialized;
PVOID SsHandle;
LIST_ENTRY InLoadOrderModuleList; LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
typedef struct _PEB
{
BOOLEAN InheritedAddressSpace; BOOLEAN ReadImageFileExecOptions; BOOLEAN BeingDebugged; BOOLEAN SpareBool; HANDLE Mutant; HMODULE ImageBaseAddress; PPEB_LDR_DATA LdrData; } PEB, *PPEB;
int main()
{
PPEB structPEB; PPEB_LDR_DATA structLdrData;
LIST_ENTRY structModuleLoad ;
PLIST_ENTRY stockFlink , stockBlink ;
PLDR_DATA_ENTRY structDataEntry;
UNICODE_STRING dllName ;
int i ;
PVOID (*rtGetCurrentPeb)(); printf("Liste des noms des dll load par le proc en utilisant le peb par 0vercl0k\n\n");
rtGetCurrentPeb = (PVOID*)GetProcAddress(GetModuleHandle("ntdll.dll"), "RtlGetCurrentPeb");
structPEB = (PPEB)(*rtGetCurrentPeb)(); structLdrData = structPEB->LdrData; structModuleLoad = structLdrData->InLoadOrderModuleList; stockFlink = structModuleLoad.Flink;
stockBlink = structModuleLoad.Blink;
while(stockFlink != stockBlink)
{
structDataEntry = (PLDR_DATA_ENTRY)stockFlink; dllName = structDataEntry->BaseDllName; wprintf(L"DllName : %s\n", dllName.Buffer);
stockFlink = stockFlink->Flink;
}
return 0;
}