{"id":39380362,"url":"https://github.com/ricardojoserf/getmodulehandle","last_synced_at":"2026-01-18T03:00:02.852Z","repository":{"id":179876741,"uuid":"663433435","full_name":"ricardojoserf/GetModuleHandle","owner":"ricardojoserf","description":"GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEB","archived":false,"fork":false,"pushed_at":"2024-02-09T12:49:01.000Z","size":32,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-05-01T13:11:38.682Z","etag":null,"topics":["dynamic-function-resolution","getmodulehandle","malware-development","sektor7"],"latest_commit_sha":null,"homepage":"https://ricardojoserf.github.io/getmodulehandle/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ricardojoserf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-07-07T09:26:59.000Z","updated_at":"2024-02-24T15:01:46.000Z","dependencies_parsed_at":"2024-02-08T12:30:42.947Z","dependency_job_id":"d3868a11-0974-42d2-95a8-8d11b854cf46","html_url":"https://github.com/ricardojoserf/GetModuleHandle","commit_stats":null,"previous_names":["ricardojoserf/getmodulehandle"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/ricardojoserf/GetModuleHandle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricardojoserf%2FGetModuleHandle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricardojoserf%2FGetModuleHandle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricardojoserf%2FGetModuleHandle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricardojoserf%2FGetModuleHandle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ricardojoserf","download_url":"https://codeload.github.com/ricardojoserf/GetModuleHandle/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricardojoserf%2FGetModuleHandle/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28528025,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dynamic-function-resolution","getmodulehandle","malware-development","sektor7"],"created_at":"2026-01-18T03:00:02.247Z","updated_at":"2026-01-18T03:00:02.829Z","avatar_url":"https://github.com/ricardojoserf.png","language":"C#","readme":"# GetModuleHandle - Custom implementation in C#\n\nIt works like the [GetModuleHandle](https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-getmodulehandlea) WinAPI: it takes a DLL name, walks the PEB structure and returns the DLL base address. \n\nIt only uses the [NtQueryInformationProcess](https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess) native API call, without using structs.\n\nIt works in both 32-bit and 64-bit processes. You can test this using the binaries in the Releases section: \n\n![img](https://raw.githubusercontent.com/ricardojoserf/ricardojoserf.github.io/master/images/getModuleHandle/Screenshot_2.png)\n\n\n-----------------------------------\n\n### Sources\n\n- Sektor7's Malware Intermediate course by [reenz0h](https://twitter.com/reenz0h) implements this code in C++\n\n- tebpeb32.h: [https://bytepointer.com/resources/tebpeb32.htm](https://bytepointer.com/resources/tebpeb64.htm)\n\n- tebpeb64.h: [https://bytepointer.com/resources/tebpeb64.htm](https://bytepointer.com/resources/tebpeb64.htm)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fricardojoserf%2Fgetmodulehandle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fricardojoserf%2Fgetmodulehandle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fricardojoserf%2Fgetmodulehandle/lists"}