private static IntPtr GetPeb32(IntPtr hProcess)
{
if (System.Environment.Is64BitProcess)
{
var ptr = IntPtr.Zero;
int res_len = 0;
int pbiSize = IntPtr.Size;
ProcessNativeMethods.NtQueryInformationProcess(
hProcess,
ProcessNativeMethods.ProcessWow64Information,
ref ptr,
pbiSize,
ref res_len);
if (res_len != pbiSize)
{
throw new Win32Exception("Unable to query process information.");
}
return(ptr);
}
else
{
return(GetPebNative(hProcess));
}
}
private static IntPtr GetPebNative(IntPtr hProcess)
{
var pbi = new ProcessNativeMethods.ProcessInformation();
int res_len = 0;
int pbiSize = Marshal.SizeOf(pbi);
ProcessNativeMethods.NtQueryInformationProcess(
hProcess,
ProcessNativeMethods.ProcessBasicInformation,
ref pbi,
pbiSize,
out res_len);
if (res_len != pbiSize)
{
throw new Win32Exception("Unable to query process information.");
}
return(pbi.PebBaseAddress);
}