KMemdriver GetModules for 32 bit target processes

1 files changed, 49 insertions, 0 deletions

diff --git a/KMemDriver/Native.h b/KMemDriver/Native.h
index 3bbd430..e19e3bd 100644
--- a/KMemDriver/Native.h
+++ b/KMemDriver/Native.h
@@ -57,6 +57,55 @@ typedef struct _PEB
 	PVOID ApiSetMap;
 } PEB, *PPEB;
 
+typedef struct _PEB_LDR_DATA32
+{
+	ULONG Length;
+	UCHAR Initialized;
+	ULONG SsHandle;
+	LIST_ENTRY32 InLoadOrderModuleList;
+	LIST_ENTRY32 InMemoryOrderModuleList;
+	LIST_ENTRY32 InInitializationOrderModuleList;
+} PEB_LDR_DATA32, *PPEB_LDR_DATA32;
+
+typedef struct _LDR_DATA_TABLE_ENTRY32
+{
+	LIST_ENTRY32 InLoadOrderLinks;
+	LIST_ENTRY32 InMemoryOrderLinks;
+	LIST_ENTRY32 InInitializationOrderLinks;
+	ULONG DllBase;
+	ULONG EntryPoint;
+	ULONG SizeOfImage;
+	UNICODE_STRING32 FullDllName;
+	UNICODE_STRING32 BaseDllName;
+	ULONG Flags;
+	USHORT LoadCount;
+	USHORT TlsIndex;
+	LIST_ENTRY32 HashLinks;
+	ULONG TimeDateStamp;
+} LDR_DATA_TABLE_ENTRY32, *PLDR_DATA_TABLE_ENTRY32;
+
+typedef struct _PEB32
+{
+	UCHAR InheritedAddressSpace;
+	UCHAR ReadImageFileExecOptions;
+	UCHAR BeingDebugged;
+	UCHAR BitField;
+	ULONG Mutant;
+	ULONG ImageBaseAddress;
+	ULONG Ldr;
+	ULONG ProcessParameters;
+	ULONG SubSystemData;
+	ULONG ProcessHeap;
+	ULONG FastPebLock;
+	ULONG AtlThunkSListPtr;
+	ULONG IFEOKey;
+	ULONG CrossProcessFlags;
+	ULONG UserSharedInfoPtr;
+	ULONG SystemReserved;
+	ULONG AtlThunkSListPtr32;
+	ULONG ApiSetMap;
+} PEB32, *PPEB32;
+
 typedef struct _MEMORY_BASIC_INFORMATION {
 	PVOID  BaseAddress;
 	PVOID  AllocationBase;