Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- NTSTATUS GetImageNameOffset()
- {
- PEPROCESS pEprocess;
- UINT i = 0;
- //UINT g_IMageNameOffset = 0;
- PAGED_CODE();
- pEprocess = PsGetCurrentProcess();
- for(i = 0; i< PAGE_SIZE; i++)
- if(!strncmp("System", (PCHAR)pEprocess + i, strlen("System")))
- g_ImageNameOffset = i;
- if(!g_ImageNameOffset)
- return STATUS_UNSUCCESSFUL;
- return STATUS_SUCCESS;
- }
- /**
- PEPROCESS pEprocess;
- PeLookupProcessByProcessId((HANDLE)dwTargetPID, &pEprocess);
- DebugPrint("ImageName:%s\n", (PCHAR)pEprocess + g_ImageNameOffset);
- **/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
