ricardojoserf / GetModuleHandle

GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEB

https://ricardojoserf.github.io/getmodulehandle/

dynamic-function-resolution getmodulehandle malware-development sektor7

GetModuleHandle - Custom implementation in C#

It works like the GetModuleHandle WinAPI: it takes a DLL name, walks the PEB structure and returns the DLL base address.

It only uses the NtQueryInformationProcess native API call, without using structs.

It works in both 32-bit and 64-bit processes. You can test this using the binaries in the Releases section:

Sources

Sektor7's Malware Intermediate course by reenz0h implements this code in C++
tebpeb32.h: https://bytepointer.com/resources/tebpeb32.htm
tebpeb64.h: https://bytepointer.com/resources/tebpeb64.htm

About

GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEB

https://ricardojoserf.github.io/getmodulehandle/

dynamic-function-resolution getmodulehandle malware-development sektor7

Languages

Language:C# 100.0%