1.FS寄存器
2.进入FS寄存器地址,7FFDD000
3.偏移30为PED结构
4.偏移地址10
3C,44偏移:路径地址,命令行地址
// 通过PEB结构去查找所有进程模块 void *PEB = NULL; void *Pbi = { NULL }; // fs:[30]就是PEB __asm { mov eax, fs:[0x30] mov PEB, eax } // 通过PEB查找 Pbi = *((void **)((unsigned char *)PEB+ 0x10)); void *ImagePathName = NULL; void *CommandLineName = NULL; ImagePathName = *((void **)((unsigned char *)Pbi + 0x3C)); CommandLineName = *((void **)((unsigned char *)Pbi + 0x44));
转载于:https://www.cnblogs.com/nightnine/p/5223424.html
相关资源:各显卡算力对照表!