Commit

Update get-os-version.yml
jtothej committed Jul 22, 2023
1 parent a49c174 commit dfdd5d8
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions lib/get-os-version.yml
Expand Up @@ -18,3 +18,18 @@ rule:
- api: VerSetConditionMask
- api: RtlGetNtVersionNumbers
- api: GetProductInfo
- and:
- match: PEB access
- or:
- and:
- arch: i386
- or:
- offset: 0xA4 = PEB->OSMajorVersion
- offset: 0xA8 = PEB->OSMinorVersion
- offset: 0xAC = PEB->OSBuildNumber
- and:
- arch: amd64
- or:
- offset: 0x118 = PEB->OSMajorVersion
- offset: 0x11C = PEB->OSMinorVersion
- offset: 0x120 = PEB->OSBuildNumber
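
Review bot: In the new `and:` block, the `offset:` features (0xA4/0xA8/0xAC under `arch: i386`, 0x118/0x11C/0x120 under `arch: amd64`) only have to co-occur with `match: PEB access`; nothing ties the offset to the PEB pointer itself, so an unrelated structure access at one of those offsets in the same scope as a PEB read would also satisfy the rule. Values such as 0xA4 and 0x120 are common field offsets, so consider requiring both features within a narrower scope (for example the same basic block, if the rule format allows a sub-scope here) or noting the expected false positives in the rule's description. The commit message "Update get-os-version.yml" also does not mention that PEB-based version checks are being added; a one-line summary of that would help anyone reading the history later.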
