摘要:
;xp下使用_GetKernelBase proc local @dwRet pushad assume fs:nothing mov eax,fs:[30h] ;获取PEB所在地址 mov eax,[eax+0ch] ;获取PEB_LDR_DATA 结构指针 mov esi,[eax+1ch] ;获取InInitializationOrderModuleList 链表头 ;第一个LDR_MODULE节点InInitializationOrderModuleList成员的指针 lodsd ;获取双向链表当前节点后继的指针 mov e... 阅读全文
摘要:
.386.model flat,stdcalloption casemap:noneinclude Windows.incinclude User32.incinclude Kernel32.incincludelib User32.libincludelib Kernel32.lib.datahMainHandle dd ?hReturnAddress dd ?szPaintBuf db '%08x',0szBuf db 100 dup(0)szSectionName db 9 dup(0).code ;///////////////////////////////////. 阅读全文
摘要:
1 .386 2 .model flat,stdcall 3 option casemap:none 4 5 include Windows.inc 6 include User32.inc 7 include Kernel32.inc 8 includelib User32.lib 9 includelib Kernel32.lib 10 11 .data 12 hMainHandle dd ? 13 hFile dd ? 14 nSize dd ? 15 hMap dd ? 16 hMapBase dd ? 17 hReturnAddre... 阅读全文
摘要:
1 .386 2 .model flat,stdcall 3 option casemap:none 4 5 include Windows.inc 6 include User32.inc 7 include Kernel32.inc 8 includelib User32.lib 9 includelib Kernel32.lib 10 11 .data 12 hBase dd ? 13 lpszFilePath db 'D:\asm\SpiShow.dll',0 14 Msg db '%08x %08x %s',0 15 .c... 阅读全文
摘要:
1 .386 2 .model flat,stdcall 3 option casemap:none 4 5 include Windows.inc 6 include User32.inc 7 include Kernel32.inc 8 includelib User32.lib 9 includelib Kernel32.lib 10 11 .data 12 hBase dd ? 13 szDllBuf db 'd:\asm\SpiShow.dll',0 14 .code 15 _RVAToOffset proc _lpFileHead,_dwRVA 16... 阅读全文
摘要:
1 .386 2 .model flat,stdcall 3 option casemap:none 4 5 include Windows.inc 6 include User32.inc 7 include Kernel32.inc 8 includelib User32.lib 9 includelib Kernel32.lib 10 11 ;声明函数 12 _QLGetProcAddress typedef proto :dword,:dword 13 ;声明函数引用 14 _ApiGetProcAddress typedef ptr _Q... 阅读全文