This snippet details how to spoof the PEB name of your process in the LDR module list. Author: SF6 Modded by: steve10120 procedure ChangePebName(szPath:PWideChar);//SF6 & steve10120var pPEB: Pointer; dwLen: DWORD; pLdrModule: Pointer;begin asm MOV EAX, FS:[$30] MOV pPEB, EAX end; dwLen := lstrlenW(szPath) * 2; pLdrModule := Pointer(PDWORD(DWORD(pPEB) + $C)^); pLdrModule := Pointer(PDWORD(DWORD(pLdrModule) + $C)^); PDWORD(DWORD(pLdrModule) + $24)^ := dwLen; PDWORD(DWORD(pLdrModule) + $28)^ := DWORD(szPath);end; |
Delphi Basics - Free Delphi Source Code - Ultimate Programming Resource > Delphi Basics Snippets >
