Board index device driver

LDR_DATA_TABLE_ENTRY & x64

LDR_DATA_TABLE_ENTRY & x64

Post by Mike_ » Thu, 08 Dec 2005 06:52:11


Hi,


I am using PEB and LDR_DATA_TABLE_ENTRY (kernel level) for enumerating
modules from process space, but I got trouble with it for Windows XP
x64 - I can enumerate only 64-bit modules for 32-bit processes. Maybe
somebody knows how to get access to information about 32-bit modules
too.


Thanks.
 
 
 
Top

LDR_DATA_TABLE_ENTRY & x64

Post by Ivan Brugi » Thu, 08 Dec 2005 12:28:52

The documented way is to use TH32CS_SNAPMODULE32
and TH32CS_SNAPMODULE from a 64-bit application.

See a discussion in
http://www.yqcomputer.com/ +Brugiolo+TH32CS_SNAPMODULE32&qt_s=Search

You can then reverse enginner the two PEBs if you feel
you need to go the undocumented way.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.yqcomputer.com/

 
 
 
Top

LDR_DATA_TABLE_ENTRY & x64

Post by Mike_ » Fri, 09 Dec 2005 06:36:24

Thanks for your answer.
 
 
 
Top

1. LDR_DATA_TABLE_ENTRY & x64

2. Win7 x64 - Outlook 2010Beta x64 - BCM 2010 x64 does not install

3. LDR_DATA_TABLE_ENTRY fields

4. q: LDR_DATA_TABLE_ENTRY fields

5. Issues running the .NET v2.0.50727 x64 on Windows XP Pro x64

6. x64 ultimate install from x64 home premium cd and ultimate 32 key

7. XP x64 and vista x64 dual boot option gone

8. XP x64 after Vista x64

9. sql 2005 copy database wizard fails x64 to x64

10. Downgrade from SQL2005 x64 EE to SQL2005 x64 SE

11. Cross Platform x64 compilation on 32bit system - How to generate x64 Interop DLL

12. I Am Now Dual Booting Between X64 Vista And X64 Ubuntu, Just FYI.

13. Can xp pro x64 be upgraded to Vista x64 (5728)?

14. I Got Confused With X64 and X64 And Ubuntu - Just FYI

All times are UTC
Board index