NO

Author Topic: Information from the Process Environment Block  (Read 4271 times)

Offline Vortex

  • Member
  • *
  • Posts: 937
    • http://www.vortex.masmcode.com
Information from the Process Environment Block
« on: August 10, 2024, 11:00:19 AM »
Here is a quick example of getting the operating system version from the Process Environment Block :

https://en.wikipedia.org/wiki/Process_Environment_Block

Code: [Select]
.386
.model flat,stdcall
option casemap:none

include PEBstruct.inc

.data

msg1    db "OSMajorVersion= %u",13,10,13,10,0
msg2    db "OSMinorVersion = %u",0

.code

start:

    call    main
    invoke  ExitProcess,0

main PROC uses ebx

    mov     ebx,fs:[30h]

    invoke  printf,ADDR msg1,\
            PEB.OSMajorVersion[ebx]

    invoke  printf,ADDR msg2,\
            PEB.OSMinorVersion[ebx]
    ret

main ENDP

END start
Code it... That's all...

Offline Vortex

  • Member
  • *
  • Posts: 937
    • http://www.vortex.masmcode.com
Re: Information from the Process Environment Block
« Reply #1 on: August 12, 2024, 09:42:02 PM »
Another version based on the API  RtlGetCurrentPeb :

Code: [Select]
.386
.model flat,stdcall
option casemap:none

include PEBstruct.inc

.data

msg1    db "OSMajorVersion= %u",13,10,13,10,0
msg2    db "OSMinorVersion = %u",0

.code

start:

    call    main
    invoke  ExitProcess,0

main PROC uses ebx

    invoke  RtlGetCurrentPeb
    mov     ebx,eax

    invoke  printf,ADDR msg1,\
            PEB.OSMajorVersion[ebx]

    invoke  printf,ADDR msg2,\
            PEB.OSMinorVersion[ebx]
    ret

main ENDP

END start

Code it... That's all...