GetModuleHandle
GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEB
Install / Use
/learn @ricardojoserf/GetModuleHandleREADME
GetModuleHandle - Custom implementation in C#
It works like the GetModuleHandle WinAPI: it takes a DLL name, walks the PEB structure and returns the DLL base address.
It only uses the NtQueryInformationProcess native API call, without using structs.
It works in both 32-bit and 64-bit processes. You can test this using the binaries in the Releases section:
Sources
-
Sektor7's Malware Intermediate course by reenz0h implements this code in C++
-
tebpeb32.h: https://bytepointer.com/resources/tebpeb32.htm
-
tebpeb64.h: https://bytepointer.com/resources/tebpeb64.htm
