Ask Your Question
4

How can a Job be utilized to parse PEB?

asked 2023-05-26 00:55:41 +0000

devzero gravatar image

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-05-26 01:00:02 +0000

lakamha gravatar image

In order to parse PEB (Process Environment Block) using a job in Windows, the following steps can be taken:

  1. Create a new job object: This is done by calling the CreateJobObject API function.

  2. Set the job object's inheritability: This can be done using the SetHandleInformation function.

  3. Create the process to be analyzed: This can be done by calling the CreateProcess API function with the CREATE_SUSPENDED flag.

  4. Assign the process to the job object: This can be done by calling the AssignProcessToJobObject API function.

  5. Obtain a handle to the process's PEB: This can be done by calling the NtQueryInformationProcess function with the ProcessBasicInformation information class.

  6. Read the PEB: This can be done using the ReadProcessMemory API function with the handle to the process and the address of the PEB.

  7. Clean up: Close any open handles and terminate the job object if necessary.

By following these steps, a job can be used to parse the PEB of a process in Windows.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss

Add Answer


Question Tools

subscribe to rss feed

Stats

Asked: 2023-05-26 00:55:41 +0000

Seen: 1 times

Last updated: May 26 '23

Related questions

How can I deal with Expression.Error related to a column in Power Query?

How can you implement pagination in Oracle for the LISTAGG() function?

What is the process for implementing a FutureBuilder on an OnTap function in Flutter?

How can we require users to be logged in before they can access the root folders in WordPress?

What are some ways to achieve responsiveness in a React-Native app, without relying on the Dimension property of react-native?

In SCSS, what is the method for grouping and reusing a set of classes and styles?

How can popen() be used to direct streaming data to TAR?

How does iOS retrieve information from a BLE device?

How can Django Admin accommodate a variety of formats and locales for its input fields?

How can the multiplication process between a sparse matrix and a dense ndarray vector in SciPy be made faster?

Copyright QStack.ai, 2010-2023. Content on this site is licensed under the Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | contact