PE imagebase, I know I can retrieve the image base of exe file or dll file with the help of that method

Track this topic | Email this topic | Print this topic

monst123

New Member

Group: Members
Posts: 1
Member No.: 50330
Joined: 19-March 12

i have seen tut by icelzion for validating pe, i know i can retrieve the image base of exe file or dll file with the help of that method, but is there any other way to do the same thing. i mean short method to get the image base of exe or dll file. please share if you know.


ragdog
Extremely Active Member Group: Moderators Posts: 873 Member No.: 5019 Joined: 13-May 07	It gives many ways to get the imagebase 1.via File Map (like Izelions tut) 2.with Module32First and ModuleEntry32.modBaseAddr 3.with ReadFile 4.Peb and Teb ... .. .


Wessol
Member Group: Members Posts: 32 Member No.: 51593 Joined: 16-May 12	Well, to get the imagebase im using: Push 0 Call GetModuleHandle


ragdog
Extremely Active Member Group: Moderators Posts: 873 Member No.: 5019 Joined: 13-May 07	From own process But this question was "retrieve the image base of exe file or dll file" Greets,


[FFFFFFFF]
New Member Group: Members Posts: 9 Member No.: 44117 Joined: 20-May 11	from first instruction assuming win 7 x64 MOV EAX,DWORD PTR DS:[EBX+8] or DB 064h,0A1h,018h,000h,000h,000h ; = mov eax,dword ptr fs:[18] open PEB structure mov eax,dword ptr ds:[eax+030h] mov eax,dword ptr ds:[eax+08h] ; get module imagebase address

0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)

0 Members:

« Next Oldest | Newbies | Next Newest »

Pages (2) [1] 2