Windows C++ / Execution Guardrails: Environmental Keying
Author | Unprotect |
Platform | Windows |
Language | C++ |
Technique | Execution Guardrails: Environmental Keying |
Code
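```cpp
// Function-body fragment, x64 only. Headers: <windows.h>, <winternl.h>, <intrin.h>, <wchar.h>, <stdio.h>
// GS:[0x60] -> PEB, PEB+0x20 -> ProcessParameters, ProcessParameters+0x80 -> Environment
PPEB pPEB = (PPEB)__readgsqword(0x60);
PVOID params = *(PVOID *)((PBYTE)pPEB + 0x20);
PWSTR environmental_variables = *(PWSTR *)((PBYTE)params + 0x80);
PWSTR computerName = NULL;
// The block is a run of NUL-terminated "NAME=value" strings, ended by an empty string.
while (*environmental_variables)
{
    if (_wcsnicmp(environmental_variables, L"COMPUTERNAME=", 13) == 0)
    {
        computerName = environmental_variables + 13; // skip past "COMPUTERNAME="
        break;
    }
    environmental_variables += wcslen(environmental_variables) + 1;
}
if (computerName)
{
    _wcslwr(computerName); // lowercases the value in place, inside the live environment block
    wprintf(L"%s", computerName);
}
```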
Created
June 19, 2022
Last Revised
April 22, 2024