WinAsm Studio, The Assembly IDE - Free Downloads, Source Code
Sponsors
Articles
Programming Quick Start
32-bit Assembler is Easy
Porting Iczelion tutorials
What is FASM
What is FASM G
Hard Drive Recovery
Wiring your own LAN
Personal menu
Welcome Guest
User:
Pass:
Register!
Resend Validation Email
 
Forum
Forum Rules Snippets forum rules

In this forum all the registered users may post their snippets of code they whish to share with the WinAsm Studio community following these basic rules:
* Only snippets of code are accepted in the topics of this forum.
* Discussions, suggestions, requests etc. must be posted in the "Discussions" topic.
* Do not post copyrighted material.
Administrators/moderators may edit, move or delete the entries that do not follow the preceding rules.

Pages (2) [1] 2   ( Go to first unread post )

Get Kernel32.dll Base, without using GetModuleHandle or LoadLibrary, that is, no import; useful for inline code.

Jupiter
Quote Post


Extremely Active Member
******

Group: Moderators
Posts: 745
Member No.: 773
Joined: 10-November 04


Get Kernel32.dll Base
Similiar to

CODE
GetModuleHandle("kernel32.dll")
or
LoadLibrary("kernel32.dll")


but code below let to know kernel base w/o any import
may be usefull for inline code

CODE
 assume fs:nothing

 push esi
 mov eax,fs:[30h]
 mov eax,[eax+0Ch]
 mov esi,[eax+1Ch]
 lodsd
 mov eax,[eax+08h]
; eax now contains kernel base
 pop esi

Sponsored Links
PMEmail Poster
Top
quangredlight
Quote Post


New Member
*

Group: Members
Posts: 4
Member No.: 22341
Joined: 15-May 09


Your code base on PEB Struture ( Process Environment Block )
PMEmail Poster
Top
Jupiter
Quote Post


Extremely Active Member
******

Group: Moderators
Posts: 745
Member No.: 773
Joined: 10-November 04


QUOTE (quangredlight @ Jun 22 2010, 01:35 PM)
Your code base on PEB Struture ( Process Environment Block )

sure
PMEmail Poster
Top
F45M_H4x0r
Quote Post


New Member
*

Group: Members
Posts: 2
Member No.: 24540
Joined: 17-July 09


FASM-Code | 9 byte :coder
Win7 Build 7600 & win xp sp3

CODE

mov ebx,[ebx+0x0c]; save the
mov ebx,[ebx+0x20]; kernel32.dll-base-addr
mov ebx,[ebx+0x08]; in ebx
PM
Top
Jupiter
Quote Post


Extremely Active Member
******

Group: Moderators
Posts: 745
Member No.: 773
Joined: 10-November 04


QUOTE (F45M_H4x0r @ Jun 26 2010, 05:12 PM)
FASM-Code

You mean MASM can't compile this code?

CODE

mov ebx,[ebx+0Ch]; save the
mov ebx,[ebx+20h]; kernel32.dll-base-addr
mov ebx,[ebx+8]; in ebx


Are sure that your code may be used anywhere in the app as is?
PMEmail Poster
Top
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

Topic Options Pages (2) [1] 2  Reply to this topicStart new topic

 

Sponsors
Computer Science

Internet
C/C++
Hardware & PC maintenance

HiEditor

General Discussions
Suggestions/Bug Reports
WinAsm Studio

General Discussions
Suggestions/Bug Reports
WinAsm Studio FAQ
Multilingual User Interface
Add-Ins
Assembly Programming

Main
Newbies
Projects
Custom Controls
Snippets
Announcements & Rules

Announcements

General

Online Degrees - Distance Learning
The Heap
Russian
Google