Blog posts by category - Win32
Summary:
call @F
@@:
pop ebx
sub ebx,offset @B ; this code performs the relocation
call @F
db 'LoadLibraryA',0
db 'MessageBoxA',0
@@:
pop edx ; at this point edx points to the start of the LoadLibraryA string
Summary:
;=======================
;Emulate GetProcAddress
;Function: get a function's address from a module base address and a function name
;Parameters: _lpBase is the base address, _lpBuf is the address of the name string
;Return value: the function's VA
;=======================
_GetApiFromName proc _lpBase,_lpBuf
local lRet
pushad

mov edi,_lpBuf
xor eax,eax
mov ecx,-1
repz scasb
...
Summary:
;for use on XP
_GetKernelBase proc
local @dwRet
pushad
assume fs:nothing
mov eax,fs:[30h] ;get the address of the PEB
mov eax,[eax+0ch] ;get the pointer to the PEB_LDR_DATA structure
mov esi,[eax+1ch] ;get the head of the InInitializationOrderModuleList list
;pointer to the InInitializationOrderModuleList member of the first LDR_MODULE node
lodsd ;get the pointer to the successor of the current node in the doubly linked list
mov e...
Summary:
.386
.model flat,stdcall
option casemap:none
include Windows.inc
include User32.inc
include Kernel32.inc
includelib User32.lib
includelib Kernel32.lib
.data
hMainHandle dd ?
hReturnAddress dd ?
szPaintBuf db '%08x',0
szBuf db 100 dup(0)
szSectionName db 9 dup(0)
.code
;///////////////////////////////////.
Summary:
.386
.model flat,stdcall
option casemap:none

include Windows.inc
include User32.inc
include Kernel32.inc
includelib User32.lib
includelib Kernel32.lib

.data
hMainHandle dd ?
hFile dd ?
nSize dd ?
hMap dd ?
hMapBase dd ?
hReturnAddre...
Summary:
.386
.model flat,stdcall
option casemap:none

include Windows.inc
include User32.inc
include Kernel32.inc
includelib User32.lib
includelib Kernel32.lib

.data
hBase dd ?
lpszFilePath db 'D:\asm\SpiShow.dll',0
Msg db '%08x %08x %s',0
.c...
Summary:
.386
.model flat,stdcall
option casemap:none

include Windows.inc
include User32.inc
include Kernel32.inc
includelib User32.lib
includelib Kernel32.lib

.data
hBase dd ?
szDllBuf db 'd:\asm\SpiShow.dll',0
.code
_RVAToOffset proc _lpFileHead,_dwRVA
...
Summary:
.386
.model flat,stdcall
option casemap:none

include Windows.inc
include User32.inc
include Kernel32.inc
includelib User32.lib
includelib Kernel32.lib

;declare the function prototype
_QLGetProcAddress typedef proto :dword,:dword
;declare a function pointer type for it
_ApiGetProcAddress typedef ptr _Q...