Information from the Process Environment Block

Started by Vortex, August 10, 2024, 11:00:19 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Vortex

August 10, 2024, 11:00:19 AM
Here is a quick example of getting the operating system version from the Process Environment Block :

https://en.wikipedia.org/wiki/Process_Environment_Block

Code Select
.386
.model flat,stdcall
option casemap:none

include PEBstruct.inc

.data

msg1    db "OSMajorVersion= %u",13,10,13,10,0
msg2    db "OSMinorVersion = %u",0

.code

start:

    call    main
    invoke  ExitProcess,0

main PROC uses ebx

    mov     ebx,fs:[30h]

    invoke  printf,ADDR msg1,\
            PEB.OSMajorVersion[ebx]

    invoke  printf,ADDR msg2,\
            PEB.OSMinorVersion[ebx]
    ret

main ENDP

END start
Code it... That's all...

Vortex

#1
August 12, 2024, 09:42:02 PM
Another version based on the API  RtlGetCurrentPeb :

Code Select
.386
.model flat,stdcall
option casemap:none

include PEBstruct.inc

.data

msg1    db "OSMajorVersion= %u",13,10,13,10,0
msg2    db "OSMinorVersion = %u",0

.code

start:

    call    main
    invoke  ExitProcess,0

main PROC uses ebx

    invoke  RtlGetCurrentPeb
    mov     ebx,eax

    invoke  printf,ADDR msg1,\
            PEB.OSMajorVersion[ebx]

    invoke  printf,ADDR msg2,\
            PEB.OSMinorVersion[ebx]
    ret

main ENDP

END start


Code it... That's all...
Print
Go Up Pages1
User actions