Post category - Win32

Summary:
    call @F
    @@:
    pop ebx
    sub ebx,offset @B
This code is used for relocation.
    call @F
    db 'LoadLibraryA',0
    db 'MessageBoxA',0
    @@:
    pop edx
At this point edx points to the start of the LoadLibraryA string.
posted @ 2012-06-18 18:34 nXqaL Views (240) Comments (0) Recommended (0)
Summary:
    ;=======================
    ;Emulates GetProcAddress
    ;Purpose: get a function's address from the module base address and the function name
    ;Parameters: _lpBase is the base address, _lpBuf is the address of the string
    ;Return value: the function's VA
    ;=======================
    _GetApiFromName proc _lpBase,_lpBuf
        local lRet
        pushad

        mov edi,_lpBuf
        xor eax,eax
        mov ecx,-1
        repz scasb
        ...
posted @ 2012-03-20 16:09 nXqaL Views (396) Comments (0) Recommended (1)
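Summary:
    ;for use on XP
    _GetKernelBase proc
        local @dwRet
        pushad
        assume fs:nothing
        mov eax,fs:[30h]    ;get the address of the PEB
        mov eax,[eax+0ch]   ;get the pointer to the PEB_LDR_DATA structure
        mov esi,[eax+1ch]   ;get the head of the InInitializationOrderModuleList list
                            ;pointer to the InInitializationOrderModuleList member of the first LDR_MODULE node
        lodsd               ;get the pointer to the successor of the current node in the doubly linked list
        mov e...
posted @ 2012-03-16 22:17 nXqaL Views (663) Comments (0) Recommended (0)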
Summary:
    .386
    .model flat,stdcall
    option casemap:none
    include Windows.inc
    include User32.inc
    include Kernel32.inc
    includelib User32.lib
    includelib Kernel32.lib
    .data
    hMainHandle dd ?
    hReturnAddress dd ?
    szPaintBuf db '%08x',0
    szBuf db 100 dup(0)
    szSectionName db 9 dup(0)
    .code
    ;///////////////////////////////////.
posted @ 2012-03-16 16:46 nXqaL Views (179) Comments (0) Recommended (0)
Summary:
    .386
    .model flat,stdcall
    option casemap:none

    include Windows.inc
    include User32.inc
    include Kernel32.inc
    includelib User32.lib
    includelib Kernel32.lib

    .data
    hMainHandle dd ?
    hFile dd ?
    nSize dd ?
    hMap dd ?
    hMapBase dd ?
    hReturnAddre...
posted @ 2012-03-16 16:42 nXqaL Views (336) Comments (0) Recommended (0)
Summary:
    .386
    .model flat,stdcall
    option casemap:none

    include Windows.inc
    include User32.inc
    include Kernel32.inc
    includelib User32.lib
    includelib Kernel32.lib

    .data
    hBase dd ?
    lpszFilePath db 'D:\asm\SpiShow.dll',0
    Msg db '%08x %08x %s',0
    .c...
posted @ 2012-03-16 16:36 nXqaL Views (357) Comments (0) Recommended (0)
Summary:
    .386
    .model flat,stdcall
    option casemap:none

    include Windows.inc
    include User32.inc
    include Kernel32.inc
    includelib User32.lib
    includelib Kernel32.lib

    .data
    hBase dd ?
    szDllBuf db 'd:\asm\SpiShow.dll',0
    .code
    _RVAToOffset proc _lpFileHead,_dwRVA
    ...
posted @ 2012-03-16 16:35 nXqaL Views (266) Comments (0) Recommended (0)
Summary:
    .386
    .model flat,stdcall
    option casemap:none

    include Windows.inc
    include User32.inc
    include Kernel32.inc
    includelib User32.lib
    includelib Kernel32.lib

    ;declare the function
    _QLGetProcAddress typedef proto :dword,:dword
    ;declare the function reference
    _ApiGetProcAddress typedef ptr _Q...
posted @ 2012-03-16 16:29 nXqaL Views (301) Comments (0) Recommended (0)
