通過PEB枚舉Kernel32.dll基址

kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
PROCESS fffffa801a89e060
    SessionId: 1  Cid: 026c    Peb: 7fffffd3000  ParentCid: 0200
    DirBase: 66362000  ObjectTable: fffff8a00111c4d0  HandleCount: 584.
    Image: explorer.exe

kd> dt _PEB 7fffffd3000
nt!_PEB
   +0x000 InheritedAddressSpace : 0 ''
   +0x001 ReadImageFileExecOptions : 0 ''
   +0x002 BeingDebugged    : 0 ''
   +0x003 BitField         : 0x8 ''
   +0x003 ImageUsesLargePages : 0y0
   +0x003 IsProtectedProcess : 0y0
   +0x003 IsLegacyProcess  : 0y0
   +0x003 IsImageDynamicallyRelocated : 0y1
   +0x003 SkipPatchingUser32Forwarders : 0y0
   +0x003 SpareBits        : 0y000
   +0x008 Mutant           : 0xffffffff`ffffffff Void
   +0x010 ImageBaseAddress : 0x00000000`ffe60000 Void
   +0x018 Ldr              : 0x00000000`77943640 _PEB_LDR_DATA
   +0x020 ProcessParameters : 0x00000000`00321c70 _RTL_USER_PROCESS_PARAMETERS
   +0x028 SubSystemData    : (null) 
   +0x030 ProcessHeap      : 0x00000000`00320000 Void
   +0x038 FastPebLock      : 0x00000000`7794b8a0 _RTL_CRITICAL_SECTION
   +0x040 AtlThunkSListPtr : 0x00000000`03b4b5e0 Void
   +0x048 IFEOKey          : (null) 
   +0x050 CrossProcessFlags : 0
   +0x050 ProcessInJob     : 0y0
   +0x050 ProcessInitializing : 0y0
   +0x050 ProcessUsingVEH  : 0y0
   +0x050 ProcessUsingVCH  : 0y0
   +0x050 ProcessUsingFTH  : 0y0
   +0x050 ReservedBits0    : 0y000000000000000000000000000 (0)
   +0x058 KernelCallbackTable : 0x00000000`77799480 Void
   +0x058 UserSharedInfoPtr : 0x00000000`77799480 Void
   +0x060 SystemReserved   : [1] 0
   +0x064 AtlThunkSListPtr32 : 0
   +0x068 ApiSetMap        : 0x000007fe`ffb30000 Void
   +0x070 TlsExpansionCounter : 0
   +0x078 TlsBitmap        : 0x00000000`77943590 Void
   +0x080 TlsBitmapBits    : [2] 0xffffffff
   +0x088 ReadOnlySharedMemoryBase : 0x00000000`7efe0000 Void
   +0x090 HotpatchInformation : (null) 
   +0x098 ReadOnlyStaticServerData : 0x00000000`7efe0a90  -> (null) 
   +0x0a0 AnsiCodePageData : 0x000007ff`fffa0000 Void
   +0x0a8 OemCodePageData  : 0x000007ff`fffa0000 Void
   +0x0b0 UnicodeCaseTableData : 0x000007ff`fffd0028 Void
   +0x0b8 NumberOfProcessors : 1
   +0x0bc NtGlobalFlag     : 0
   +0x0c0 CriticalSectionTimeout : _LARGE_INTEGER 0xffffe86d`079b8000
   +0x0c8 HeapSegmentReserve : 0x100000
   +0x0d0 HeapSegmentCommit : 0x2000
   +0x0d8 HeapDeCommitTotalFreeThreshold : 0x10000
   +0x0e0 HeapDeCommitFreeBlockThreshold : 0x1000
   +0x0e8 NumberOfHeaps    : 0xf
   +0x0ec MaximumNumberOfHeaps : 0x10
   +0x0f0 ProcessHeaps     : 0x00000000`7794b780  -> 0x00000000`00320000 Void
   +0x0f8 GdiSharedHandleTable : 0x00000000`006b0000 Void
   +0x100 ProcessStarterHelper : (null) 
   +0x108 GdiDCAttributeList : 0x14
   +0x110 LoaderLock       : 0x00000000`77948490 _RTL_CRITICAL_SECTION
   +0x118 OSMajorVersion   : 6
   +0x11c OSMinorVersion   : 1
   +0x120 OSBuildNumber    : 0x1db0
   +0x122 OSCSDVersion     : 0
   +0x124 OSPlatformId     : 2
   +0x128 ImageSubsystem   : 2
   +0x12c ImageSubsystemMajorVersion : 6
   +0x130 ImageSubsystemMinorVersion : 1
   +0x138 ActiveProcessAffinityMask : 1
   +0x140 GdiHandleBuffer  : [60] 0
   +0x230 PostProcessInitRoutine : (null) 
   +0x238 TlsExpansionBitmap : 0x00000000`77943580 Void
   +0x240 TlsExpansionBitmapBits : [32] 1
   +0x2c0 SessionId        : 1
   +0x2c8 AppCompatFlags   : _ULARGE_INTEGER 0x0
   +0x2d0 AppCompatFlagsUser : _ULARGE_INTEGER 0x0
   +0x2d8 pShimData        : (null) 
   +0x2e0 AppCompatInfo    : (null) 
   +0x2e8 CSDVersion       : _UNICODE_STRING ""
   +0x2f8 ActivationContextData : 0x00000000`00040000 _ACTIVATION_CONTEXT_DATA
   +0x300 ProcessAssemblyStorageMap : 0x00000000`0035c6e0 _ASSEMBLY_STORAGE_MAP
   +0x308 SystemDefaultActivationContextData : 0x00000000`00030000 _ACTIVATION_CONTEXT_DATA
   +0x310 SystemAssemblyStorageMap : 0x00000000`003382e0 _ASSEMBLY_STORAGE_MAP
   +0x318 MinimumStackCommit : 0
   +0x320 FlsCallback      : 0x00000000`0033b1a0 _FLS_CALLBACK_INFO
   +0x328 FlsListHead      : _LIST_ENTRY [ 0x00000000`0033ad80 - 0x3b73a80 ]
   +0x338 FlsBitmap        : 0x00000000`77943570 Void
   +0x340 FlsBitmapBits    : [4] 0xf
   +0x350 FlsHighIndex     : 3
   +0x358 WerRegistrationData : 0x00000000`022a0000 Void
   +0x360 WerShipAssertPtr : (null) 
   +0x368 pContextData     : 0x00000000`00050000 Void
   +0x370 pImageHeaderHash : (null) 
   +0x378 TracingFlags     : 0
   +0x378 HeapTracingEnabled : 0y0
   +0x378 CritSecTracingEnabled : 0y0
   +0x378 SpareTracingBits : 0y000000000000000000000000000000 (0)
   
kd> dt 0x00000000`77943640 _PEB_LDR_DATA
nt!_PEB_LDR_DATA
   +0x000 Length           : 0x58
   +0x004 Initialized      : 0x1 ''
   +0x008 SsHandle         : (null) 
   +0x010 InLoadOrderModuleList : _LIST_ENTRY [ 0x00000000`00322540 - 0x62e93b0 ]
   +0x020 InMemoryOrderModuleList : _LIST_ENTRY [ 0x00000000`00322550 - 0x62e93c0 ]
   +0x030 InInitializationOrderModuleList : _LIST_ENTRY [ 0x00000000`00322650 - 0x62e93d0 ]
   +0x040 EntryInProgress  : (null) 
   +0x048 ShutdownInProgress : 0 ''
   +0x050 ShutdownThreadId : (null) 
   
kd> dd 0x00000000`00322650
00000000`00322650  00322b40 00000000 77943670 00000000
00000000`00322660  77810000 00000000 00000000 00000000
00000000`00322670  001ab000 00000000 003c003a 00000000
00000000`00322680  003224b0 00000000 00140012 00000000
00000000`00322690  77927270 00000000 00004004 0000ffff
00000000`003226a0  00379510 00000000 7794ba60 00000000
00000000`003226b0  4a5be02b 00000000 00000000 00000000
00000000`003226c0  00000000 00000000 003226c8 00000000

kd> dd 00000000`00322b40 
00000000`00322b40  003229d0 00000000 00322650 00000000
00000000`00322b50  fd820000 000007fe fd8233e0 000007fe
00000000`00322b60  0006b000 00000000 00460044 00000000
00000000`00322b70  00322ad0 00000000 001e001c 00000000
00000000`00322b80  00322af8 00000000 00084004 0000ffff
00000000`00322b90  00335e40 00000000 7794ba80 00000000
00000000`00322ba0  4a5bdfe0 00000000 00000000 00000000
00000000`00322bb0  00000000 00000000 00322bb8 00000000

kd> dt _LDR_DATA_TABLE_ENTRY (00000000`003229d0 - 0x20)
nt!_LDR_DATA_TABLE_ENTRY
   +0x000 InLoadOrderLinks : _LIST_ENTRY [ 0x00000000`00322b20 - 0x322630 ]
   +0x010 InMemoryOrderLinks : _LIST_ENTRY [ 0x00000000`00322b30 - 0x322640 ]
   +0x020 InInitializationOrderLinks : _LIST_ENTRY [ 0x00000000`00323960 - 0x322b40 ]
   +0x030 DllBase          : 0x00000000`775f0000 Void
   +0x038 EntryPoint       : 0x00000000`7760eff0 Void
   +0x040 SizeOfImage      : 0x11f000
   +0x048 FullDllName      : _UNICODE_STRING "C:\Windows\system32\kernel32.dll"
   +0x058 BaseDllName      : _UNICODE_STRING "kernel32.dll"
   +0x068 Flags            : 0x84004
   +0x06c LoadCount        : 0xffff
   +0x06e TlsIndex         : 0
   +0x070 HashLinks        : _LIST_ENTRY [ 0x00000000`0345a120 - 0x7794b9e0 ]
   +0x070 SectionPointer   : 0x00000000`0345a120 Void
   +0x078 CheckSum         : 0x7794b9e0
   +0x080 TimeDateStamp    : 0x4a5bdfdf
   +0x080 LoadedImports    : 0x00000000`4a5bdfdf Void
   +0x088 EntryPointActivationContext : (null) 
   +0x090 PatchInformation : (null) 
   +0x098 ForwarderLinks   : _LIST_ENTRY [ 0x00000000`00323f80 - 0x323f80 ]
   +0x0a8 ServiceTagLinks  : _LIST_ENTRY [ 0x00000000`00322a58 - 0x322a58 ]
   +0x0b8 StaticLinks      : _LIST_ENTRY [ 0x00000000`00322c40 - 0x322aa0 ]
   +0x0c8 ContextInformation : 0x00000000`77914de4 Void
   +0x0d0 OriginalBase     : 0x78d20000
   +0x0d8 LoadTime         : _LARGE_INTEGER 0x1d491e0`1ef707c6

 
