diff options
| author | midipix <writeonce@midipix.org> | 2015-05-08 23:22:07 -0400 |
|---|---|---|
| committer | midipix <writeonce@midipix.org> | 2015-05-08 23:22:07 -0400 |
| commit | feffc7263bb2fd33ae467de2dd51f1ddbbb1b895 (patch) | |
| tree | 983daec02a2d1833796ad8bd04d43d9b3ec42765 /src/modules/pe_get_ntdll_module_handle.c | |
| parent | 23329916dde5e0ffa056f74a81aeda1bfb7e54cc (diff) | |
| download | pemagine-feffc7263bb2fd33ae467de2dd51f1ddbbb1b895.tar.bz2 pemagine-feffc7263bb2fd33ae467de2dd51f1ddbbb1b895.tar.xz | |
initial commit.
Diffstat (limited to 'src/modules/pe_get_ntdll_module_handle.c')
| -rw-r--r-- | src/modules/pe_get_ntdll_module_handle.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/modules/pe_get_ntdll_module_handle.c b/src/modules/pe_get_ntdll_module_handle.c new file mode 100644 index 0000000..72f81ec --- /dev/null +++ b/src/modules/pe_get_ntdll_module_handle.c @@ -0,0 +1,27 @@ +/*****************************************************************************/ +/* pemagination: a (virtual) tour into portable bits and executable bytes */ +/* Copyright (C) 2013,2014,2015 Z. Gilboa */ +/* Released under GPLv2 and GPLv3; see COPYING.PEMAGINE. */ +/*****************************************************************************/ + +#include <psxtypes/psxtypes.h> +#include <pemagine/pe_consts.h> +#include <pemagine/pe_structs.h> +#include <pemagine/pemagine.h> +#include "pe_impl.h" + +pe_api +void * pe_get_ntdll_module_handle(void) +{ + struct pe_peb_ldr_data * peb_ldr_data; + struct pe_list_entry * peb_list_entry; + intptr_t peb_tbl_addr; + struct pe_ldr_tbl_entry * peb_ldr_tbl_entry; + + peb_ldr_data = (struct pe_peb_ldr_data *)pe_get_peb_ldr_data_address(); + peb_list_entry = peb_ldr_data->in_init_order_module_list.flink; + peb_tbl_addr = (intptr_t)peb_list_entry - IN_INITIALIZATION_ORDER_MODULE_LIST_OFFSET; + peb_ldr_tbl_entry = (struct pe_ldr_tbl_entry *)peb_tbl_addr; + + return peb_ldr_tbl_entry->dll_base; +} |