Merge pull request #805 from jtothej/getosver
Update get-os-version.yml - Get OS version via PEB
mr-tz authored Aug 7, 2023
2 parents 322d5f0 + dfdd5d8 commit 3e7e50c
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions lib/get-os-version.yml
Expand Up @@ -18,3 +18,18 @@ rule:
- api: VerSetConditionMask
- api: RtlGetNtVersionNumbers
- api: GetProductInfo
- and:
- match: PEB access
- or:
- and:
- arch: i386
- or:
- offset: 0xA4 = PEB->OSMajorVersion
- offset: 0xA8 = PEB->OSMinorVersion
- offset: 0xAC = PEB->OSBuildNumber
- and:
- arch: amd64
- or:
- offset: 0x118 = PEB->OSMajorVersion
- offset: 0x11C = PEB->OSMinorVersion
- offset: 0x120 = PEB->OSBuildNumber
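Review bot: the `offset` alternatives in each arch branch are not tied to the register that holds the PEB pointer, and `match: PEB access` is evaluated independently within the same scope, so a function that touches the PEB anywhere and also has an unrelated instruction with displacement 0xA4/0xA8/0xAC (or 0x118/0x11C/0x120 on amd64), for example a field of some other struct or a frame slot, satisfies this `and`. Consider narrowing the scope around the offset (a `basic block:` sub-scope, if the scope of the `PEB access` rule permits it) or at least adding a `comment` on the false-positive risk. The offsets themselves agree with the public PEB layouts (OSBuildNumber is a USHORT, so expect a word-sized load rather than a dword at 0xAC/0x120). Since all 15 added lines are feature logic and no other file changes, it would also help to add an `examples:` entry for a sample that reaches this PEB branch so the new logic is exercised by the rule tests.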
