@@ -1564,7 +1564,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x20, &procParamPtr, s
15641564
15651565UNICODE_STRING cmdLStruct;
15661566SIZE_T bytesRead2 = 0 ;
1567- if (!ReadProcessMemory (hproc, (BYTE *)procParamPtr + 0x38 , &cmdLStruct, sizeof (cmdLStruct), &bytesRead2)) {
1567+ if (!ReadProcessMemory (hproc, (BYTE *)procParamPtr + 0x60 , &cmdLStruct, sizeof (cmdLStruct), &bytesRead2)) {
15681568 return " " ;
15691569}
15701570
@@ -1601,7 +1601,7 @@ return WideToString(stringBuffer);
16011601 }
16021602
16031603 UNICODE_STRING32 cmdLStruct32{};
1604- if (!ReadProcessMemory (hproc, (BYTE *)(ULONG_PTR )procParamPtr32 + 0x24 , &cmdLStruct32, sizeof (cmdLStruct32), NULL )) {
1604+ if (!ReadProcessMemory (hproc, (BYTE *)(ULONG_PTR )procParamPtr32 + 0x50 , &cmdLStruct32, sizeof (cmdLStruct32), NULL )) {
16051605 return " " ;
16061606 }
16071607
@@ -1642,7 +1642,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x10, &procParamPtr, s
16421642
16431643UNICODE_STRING cmdLStruct;
16441644SIZE_T bytesRead2 = 0 ;
1645- if (!ReadProcessMemory (hproc, (BYTE *)procParamPtr + 0x24 , &cmdLStruct, sizeof (cmdLStruct), &bytesRead2)) {
1645+ if (!ReadProcessMemory (hproc, (BYTE *)procParamPtr + 0x50 , &cmdLStruct, sizeof (cmdLStruct), &bytesRead2)) {
16461646 return " " ;
16471647}
16481648
@@ -1685,7 +1685,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x10, &procParamPtr, s
16851685
16861686UNICODE_STRING cmdLStruct;
16871687SIZE_T bytesRead2 = 0 ;
1688- if (!ReadProcessMemory (hproc, (BYTE *)procParamPtr + 0x24 , &cmdLStruct, sizeof (cmdLStruct), &bytesRead2)) {
1688+ if (!ReadProcessMemory (hproc, (BYTE *)procParamPtr + 0x50 , &cmdLStruct, sizeof (cmdLStruct), &bytesRead2)) {
16891689 return " " ;
16901690}
16911691
@@ -1741,7 +1741,7 @@ return WideToString(stringBuffer);
17411741 }
17421742
17431743 UNICODE_STRING64 cmdLStruct64;
1744- status = readMem64 (targetHandle, procParamPtr64 + 0x38 , &cmdLStruct64, sizeof (cmdLStruct64), NULL );
1744+ status = readMem64 (targetHandle, procParamPtr64 + 0x60 , &cmdLStruct64, sizeof (cmdLStruct64), NULL );
17451745 if (status != 0 ) {
17461746 if (openedHandle) CloseHandle (openedHandle);
17471747 return " " ;
@@ -1800,7 +1800,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x20, &procParamPtr, s
18001800
18011801UNICODE_STRING cmdLStruct;
18021802SIZE_T bytesRead2 = 0 ;
1803- if (!ReadProcessMemory (hproc, (BYTE *)procParamPtr + 0x38 , &cmdLStruct, sizeof (cmdLStruct), &bytesRead2)) {
1803+ if (!ReadProcessMemory (hproc, (BYTE *)procParamPtr + 0x60 , &cmdLStruct, sizeof (cmdLStruct), &bytesRead2)) {
18041804 return " " ;
18051805}
18061806
@@ -1838,7 +1838,7 @@ return WideToString(stringBuffer);
18381838 }
18391839
18401840 UNICODE_STRING32 cmdLStruct32{};
1841- if (!ReadProcessMemory (hproc, (BYTE *)(ULONG_PTR )procParamPtr32 + 0x24 , &cmdLStruct32, sizeof (cmdLStruct32), NULL )) {
1841+ if (!ReadProcessMemory (hproc, (BYTE *)(ULONG_PTR )procParamPtr32 + 0x50 , &cmdLStruct32, sizeof (cmdLStruct32), NULL )) {
18421842 return " " ;
18431843 }
18441844
0 commit comments