
rust - How to get the PEB_LDR_DATA of the current process using the windows-rs crate - Stack Overflow


I want to obtain the windows::Win32::System::Threading::PEB_LDR_DATA struct for the current process and I'm not sure how to do this using the windows-rs crate.

One example I have found uses the ntapi crate, which uses the winapi crate under the hood. I prefer using the windows-rs crate, as this one is well maintained and published by Microsoft itself.

use std::arch::asm;
use std::ptr::{addr_of, null_mut};
use ntapi::FIELD_OFFSET;
use ntapi::ntpebteb::{PPEB, TEB};
use ntapi::ntpsapi::PPEB_LDR_DATA;
use winapi::shared::ntdef::{PLIST_ENTRY, PVOID, ULONG};

/// Read a 64-bit value at `offset` from the GS segment base. In x64 user mode
/// GS points at the current thread's TEB, so this is the MSVC intrinsic
/// `__readgsqword` written with inline asm.
#[cfg(target_arch = "x86_64")]
pub unsafe fn __readgsqword(offset: u32) -> u64 {
    let out: u64;
    asm!(
        "mov {}, gs:[{:e}]",
        lateout(reg) out,
        in(reg) offset,
        options(nostack, pure, readonly),
    );
    out
}

pub unsafe fn nt_current_teb() -> *mut TEB {
    use winapi::um::winnt::NT_TIB;
    // NT_TIB.Self (offset 0x30 on x64) holds the linear address of the TEB itself.
    let teb_offset = FIELD_OFFSET!(NT_TIB, _Self) as u32;
    __readgsqword(teb_offset) as *mut TEB
}

pub unsafe fn nt_current_peb() -> PPEB {
    (*nt_current_teb()).ProcessEnvironmentBlock
}

#[allow(unused_variables, unused_assignments)]
fn get_module_addr(hash: ULONG) -> PVOID {
    let ldr: PPEB_LDR_DATA;
    let header: PLIST_ENTRY;
    let mut entry: PLIST_ENTRY;

    unsafe {
        ldr = (*nt_current_peb()).Ldr;
        // The list head lives inside PEB_LDR_DATA; its Flink is the first module entry.
        header = addr_of!((*ldr).InLoadOrderModuleList) as PLIST_ENTRY;
        entry = (*header).Flink;

        // ... (the walk over the list that compares each module's hashed name
        // against `hash` is elided in the original; null is returned here only
        // so the fragment compiles)
        null_mut()
    }
}