AdvanceVB

Home > Code > Alternative GetCurrentProcessId, ASM Inline [FS:0x20]

Alternative GetCurrentProcessId, ASM Inline [FS:0x20]

September 23rd, 2009 Karcrack Leave a comment Go to comments

'USER32
Private Declare Function CallThunk8 Lib "USER32" Alias "CallWindowProcW" (ByRef cThunk As Currency, Optional ByVal Param1 As Long = 0, Optional ByVal Param2 As Long = 0, Optional ByVal Param3 As Long = 0, Optional ByVal Param4 As Long = 0) As Long

'---------------------------------------------------------------------------------------
' Procedure : FS_GetCurrentProcessId
' Author    : Karcrack
' Date      : 23/09/2009
' Purpose   : GetCurrentProcessId@Kernel32 alternative. Reads info from TIB
'---------------------------------------------------------------------------------------
'
Public Function FS_GetCurrentProcessId() As Long
    '                                   mov eax, [FS:0x20]
    FS_GetCurrentProcessId = CallThunk8(-801556291178721.2444@)
End Function

Categories: Code

Comments (3) Trackbacks (0) Leave a comment Trackback

p0is0n

July 2nd, 2010 at 09:42 | #1

Reply | Quote

Gracias Karkrack…Muy Bueno ;)
coolappz

July 17th, 2010 at 15:37 | #2

Reply | Quote

how u generate the opcode?
coolappz

July 20th, 2010 at 19:37 | #3

Reply | Quote

thanks cobein

No trackbacks yet.

You must be logged in to post a comment.

[ANTI] ImSandBoxed, WindowFlags Vista and Seven exploit

Alternative GetCurrentProcessId, ASM Inline [FS:0x20]

Related Posts

Who's Online

Recent Comments

Recent Posts

Categories

Blogroll

Archives

Meta