[1]: https://gist.github.com/rfl890/195307136c7216cf243f7594832f4...
PEB *peb = (PEB *)__readgsqword(0x60);
LIST_ENTRY *current_entry = peb->Ldr->InMemoryOrderModuleList.Flink->Flink;
It just obtains a pointer to the loader's data structures out of nowhere? Is this actually supported by Microsoft or are people going to end up in a Raymond Chen article if they use this?
Nitpick: the phrase “link against kernel32” feels like a Linux-ism. If you’re only calling a few functions you need to load kernel32.dll and call some functions in it. But that’s a slightly different operation than linking against it. At least how I’ve always used the term link.
You’re not wrong in principle. But Linux and Windows do a lot of things differently wrt linking and loading libs. (I think Windows does it waaay better but ymmv)
Can you elaborate on that?
Btw., I don't want to bash Windows here, I think the Windows core OS developers are (one of) the only good developers at Microsoft. The NT kernel is widely praised for its quality and the actual OS seems to be really solid. They just happen to also have lots of shitty company sections that release crappy software and bundle malware, ads and telemetry with the actual OS.
Loading a library and calling some functions from it is linking. The function pointer you receive is your link to the library function.