@@ -22,9 +22,22 @@ string ASMHeader::GetASMHeader_x86()
2222 " mov eax, [eax + 0xc] ; EAX = PEB->Ldr \r\n "
2323 " mov esi, [eax + 0x14] ; ESI = PEB->Ldr.InMemOrder \r\n "
2424 " lodsd ; EAX = Second module \r\n "
25+
26+ " Next_Module: \r\n\r\n "
27+
2528 " xchg eax, esi ; EAX = ESI, ESI = EAX \r\n "
26- " lodsd ; EAX = Third(kernel32) \r\n "
29+ " lodsd ; EAX = Next module \r\n "
30+ " mov ecx, [eax + 0x28] ; ECX = Module Name \r\n "
31+ " cmp dword [ecx], 0x45004b ; KE \r\n "
32+ " jne Next_Module \r\n "
33+ " cmp dword [ecx + 0x4], 0x4e0052 ; RN \r\n "
34+ " jne Next_Module \r\n "
35+ " cmp dword [ecx + 0x8], 0x4c0045 ; EL \r\n "
36+ " jne Next_Module \r\n "
37+ " cmp dword [ecx + 0xc], 0x320033 ; 32 \r\n "
38+ " jne Next_Module \r\n "
2739 " mov ebx, [eax + 0x10] ; EBX = Base address \r\n "
40+
2841 " mov edx, [ebx + 0x3c] ; EDX = DOS->e_lfanew \r\n "
2942 " add edx, ebx ; EDX = PE Header \r\n "
3043 " mov edx, [edx + 0x78] ; EDX = Offset export table \r\n "
@@ -87,8 +100,20 @@ string ASMHeader::GetASMHeader_x64()
87100 " mov rax, [rax + 0x18] ; RAX = PEB->Ldr \r\n "
88101 " mov rsi, [rax + 0x20] ; RSI = PEB->Ldr.InMemOrder \r\n "
89102 " lodsq ; RAX = Second module \r\n "
103+
104+ " Next_Module: \r\n\r\n "
105+
90106 " xchg rax, rsi ; RAX = RSI, RSI = RAX \r\n "
91- " lodsq ; RAX = Third(kernel32) \r\n "
107+ " lodsq ; RAX = Next Module \r\n "
108+ " mov rcx, [rax + 0x50] ; RCX = Module Name \r\n "
109+ " cmp dword [rcx], 0x45004b ; KE \r\n "
110+ " jne Next_Module \r\n "
111+ " cmp dword [rcx + 0x4], 0x4e0052 ; RN \r\n "
112+ " jne Next_Module \r\n "
113+ " cmp dword [rcx + 0x8], 0x4c0045 ; EL \r\n "
114+ " jne Next_Module \r\n "
115+ " cmp dword [rcx + 0xc], 0x320033 ; 32 \r\n "
116+ " jne Next_Module \r\n "
92117 " mov rbx, [rax + 0x20] ; RBX = Base address \r\n\r\n "
93118
94119 " xor r8, r8 ; Clear r8 \r\n "
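Review bot: The four `cmp dword` constants added in the x86 hunk (new lines 31-37) are commented only as `KE`, `RN`, `EL` and `32`, so a reader cannot tell that each dword holds two UTF-16LE characters or which field `[eax + 0x28]` reads. That offset, taken from the InMemoryOrder link, appears to be the base-name buffer of the loader entry rather than a generic "Module Name". A comment above the `Next_Module` label such as `; compare the first 8 UTF-16 chars of the module base name with "KERNEL32"`, plus a named note for the `0x28` offset, would document this. The same gap exists in the x64 hunk at new lines 108-115 with `[rcx + 0x50]`, where the `Next Module` comment casing also differs from the x86 `Next module`. Both function bodies start and end outside the visible hunks.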