-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Started to initialize PEB structure #1
base: master
Are you sure you want to change the base?
Conversation
It seems that PEB_LDR_DATA structure fields are initialized in void PeEmulation::InitLdrModuleList() |
peb.ProcessHeap = (PVOID)m_HeapBase; // this is initialized to 0x0000000010000000
peb.ProcessHeap = NtCurrentPeb()->ProcessHeap; // // this is intialized to 0x000002413f480000. Which one to keep? Which peb.ProcessHeap should i keep? This field gets overwritten in |
so we need to use dynamic addr of heap |
So if i get this right, we should go with my solution and use |
Yeah, but for errorless and bugless code check all places which using static m_HeapBase or peb.ProcessHeap |
Gotcha |
Hmm, it seems that i forgot to initialize fields inside unions, need to fix it |
I started to initialize fields of PEB structure in InitTebPeb(), do not merge, this is work in progress