| Written by David Reguera García |
| Tuesday, 21 November 2006 |
|
DOWNLOAD
We obtain the base of kernel32.dll in memory, using the PEB structure, once obtained,
we
run through the PE32 and we obtain the address from a function of kernel32.dll in memory.
The code could be used to obtain the address of any other function, providing it with
the base of a PE32 that has EXPORT DIRECTORY.
|
Last update( Tuesday, 21 November 2006 ) |