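// Returns the load address of kernel32.dll in the current process by walking
// the loader's module list through the PEB instead of calling an API.
//
// 32-bit x86 / MSVC inline-asm only: fs:[0x30] is the PEB pointer of a 32-bit
// thread, and every offset below is an undocumented 32-bit structure layout.
//
// Review notes:
//  - The match is by name length alone: an entry is accepted when the UTF-16
//    unit at index 12 of its base name is NUL ("kernel32.dll" has 12
//    characters). The name itself is never compared, and for shorter names the
//    read lands past the terminator.
//  - There is no end-of-list check. The list is circular, so if no entry
//    matches, the walk continues through the list head, which is not a module
//    entry.
//  - A direct fs:[0x30] read followed by a walk of the Ldr lists is the usual
//    shape of import-less module lookup, and static analysis commonly flags it.
//    Code that can link normally gets the same value from
//    GetModuleHandleW(L"kernel32.dll").
DWORD GetKerner32ImageBase()
{
    DWORD nIMageBase = 0;
    __asm
    {
        xor edx, edx                // dx = 0, the NUL compared against below
        mov ecx, fs:[0x30]          // ecx = PEB
        mov ecx, [ecx + 0x0C]       // ecx = PEB->Ldr
        mov ecx, [ecx + 0x1C]       // ecx = first InInitializationOrder link
    next_module:
        mov eax, [ecx + 0x08]       // eax = candidate module base (DllBase)
        mov ebx, [ecx + 0x20]       // ebx = BaseDllName.Buffer (UTF-16)
        mov ecx, [ecx]              // advance to the next link before testing
        cmp [ebx + 18h], dx         // name[12] == NUL ?
        jnz next_module
        mov nIMageBase, eax         // store the matching module's base
    }
    // The original returned nLoadlibraryAddress, which is not declared in this
    // function; the value computed above is nIMageBase.
    return nIMageBase;
}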
原文地址:https://www.cnblogs.com/iBinary/p/10749275.html