Post date: Mar 16, 2010 2:46:24 PM
{
Unit: Get/Set PEB - GetModuleFileName
Author: steve10120
Description: Get and/or set the PEB filename value.
Credits: Karcrack
Website: hackhound.org
}
When injected into another process, retrieve the correct GetModuleFileName value rather than that of the process you are injected into.
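
function AltGetPEBModuleFileName():WideString;
var
  szBuff: PWideChar;
begin
  asm
    mov eax, [FS:030h]      // PEB of the current process (32-bit)
    mov eax, [DS:eax+010h]  // PEB.ProcessParameters
    mov eax, [DS:eax+03Ch]  // ProcessParameters.ImagePathName.Buffer
    mov szBuff, eax
  end;
  Result := szBuff;         // copied up to the terminating null
end;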
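
procedure AltSetPEBModuleFileName(szPath:PWideChar);
asm
  mov edx, szPath
  mov eax, [FS:030h]        // PEB of the current process (32-bit)
  mov eax, [DS:eax+010h]    // PEB.ProcessParameters
  // Only the Buffer pointer is replaced; Length and MaximumLength keep their old values.
  mov [DS:eax+03Ch], edx;   // ImagePathName.Buffer := szPath
end;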
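
Usage:

// MessageBoxW requires Windows in the uses clause.
begin
  MessageBoxW(0, PWideChar(AltGetPEBModuleFileName), nil, 0);  // path currently stored in the PEB
  AltSetPEBModuleFileName('C:\test.exe');
  MessageBoxW(0, PWideChar(AltGetPEBModuleFileName), nil, 0);  // now shows C:\test.exe
end.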
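
Detection side, as an added example that is not part of the original post: the PEB is writable by the process itself, so a responder should compare the path stored there with the path the kernel recorded for the process (for example the value returned by QueryFullProcessImageNameW). The sketch below runs that comparison offline over a 32-bit memory snapshot, using the same offsets as the routines above. The {base: bytes} snapshot format, the function names and all sample addresses are assumptions made up for this example.

```python
import struct

# 32-bit offsets, the same ones the Delphi routines dereference.
PEB_PROCESS_PARAMETERS = 0x10  # PEB.ProcessParameters
IMAGE_PATH_NAME = 0x38         # UNICODE_STRING: Length, MaximumLength, Buffer (+3Ch)

def read(mem, addr, size):
    """Read bytes from a snapshot given as {region_base: bytes}."""
    for base, data in mem.items():
        if base <= addr and addr + size <= base + len(data):
            return data[addr - base:addr - base + size]
    raise ValueError(f"address {addr:#x} not in snapshot")

def read_wstr(mem, addr, limit=1024):
    """Raw bytes of a NUL-terminated UTF-16LE string, terminator excluded."""
    out = b""
    while len(out) < limit:
        unit = read(mem, addr + len(out), 2)
        if unit == b"\0\0":
            break
        out += unit
    return out

def check_image_path(mem, peb, kernel_path):
    """Compare PEB ImagePathName with the kernel-reported path; return findings."""
    (params,) = struct.unpack("<I", read(mem, peb + PEB_PROCESS_PARAMETERS, 4))
    length, _max_len, buf = struct.unpack("<HHI", read(mem, params + IMAGE_PATH_NAME, 8))
    raw = read_wstr(mem, buf)
    peb_path = raw.decode("utf-16-le", "replace")
    findings = []
    if peb_path.lower() != kernel_path.lower():
        findings.append(f"PEB path {peb_path!r} != kernel path {kernel_path!r}")
    if length != len(raw):
        findings.append(f"Length {length} != {len(raw)} bytes found at Buffer")
    return findings

def build_snapshot(swapped_path=None):
    """Constructed sample data; every address here is made up."""
    real = "C:\\Windows\\System32\\notepad.exe"
    raw = real.encode("utf-16-le")
    peb, params, other = 0x7FFDE000, 0x00020000, 0x00450000
    block = bytearray(0x200)
    buf = params + 0x100 if swapped_path is None else other
    struct.pack_into("<HHI", block, IMAGE_PATH_NAME, len(raw), len(raw) + 2, buf)
    block[0x100:0x100 + len(raw)] = raw
    mem = {peb: b"\0" * 0x10 + struct.pack("<I", params), params: bytes(block)}
    if swapped_path is not None:
        mem[other] = swapped_path.encode("utf-16-le") + b"\0\0"
    return mem, peb, real
```

An untouched snapshot from build_snapshot() yields no findings; one built with build_snapshot("C:\\test.exe") yields both a path mismatch and a Length mismatch, because the setter above leaves the Length field at its old value.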