-
-
[求助]win7下获取kernel32基地址问题
-
发表于: 2015-5-14 11:18
-
代码如下:
发现找到的kernel32基地址好像不对啊。。。
; #########################################################################
.386
.model flat, stdcall
option casemap :none ; case sensitive
; #########################################################################
include \MASMPlus\Include\windows.inc
include \MASMPlus\Include\user32.inc
include \MASMPlus\Include\kernel32.inc
includelib \MASMPlus\lib\user32.lib
includelib \MASMPlus\lib\kernel32.lib
; #########################################################################
.data
szTitle db "Kernel32映像基地址搜索",0
szMsg1 db 256 dup(0)
fmt db "Kernel32.dll的ImageBase是: %X",0
.code
start:
pushad
assume fs:nothing
find_kernel32:
push esi
xor ecx, ecx
mov esi, fs:[ecx+ 30h]
mov esi, [esi + 0ch]
mov esi, [esi + 1ch]
next_module:
mov eax, [esi + 8h]
mov edi, [esi + 20h]
mov esi, [esi]
cmp [edi+18h],cx
jne next_module
pop esi
invoke wsprintf,offset szMsg1,offset fmt, eax
invoke MessageBoxA,0,offset szMsg1, offset szTitle,1040h
popad;
invoke ExitProcess,0
; invoke MessageBoxA,0,offset szMsg1, offset szTitle,1040h
; invoke MessageBoxA,0,offset szMsg2, offset szTitle,1040h
; invoke ExitProces
end start发现找到的kernel32基地址好像不对啊。。。
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
