.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
.data
; Program data. `limit` is reached delta-relative through ebp from
; GetKernel32Base; everything else is addressed absolutely via invoke.
limit db 50h                    ; number of 4 KiB pages GetKernel32Base may probe; decremented in place, so it is used up after one call
Krl32Base dd 0                  ; module base reported by GetKernel32Base; stays 0 until start stores a value
fmt db "Kernel32 Base Address = %X",0     ; wsprintf format: %X prints Krl32Base as upper-case hex
buf db 256 dup (0)              ; output buffer for wsprintf; the format above yields at most ~33 bytes incl. NUL
szCap db "Get Krl Base",0       ; MessageBox caption
.code
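;-----------------------------------------------------------------------
; start -- program entry point. Takes no arguments and never returns
; (ends in ExitProcess).
; Locates the base of the module whose code called this entry point,
; formats it with wsprintf and shows it in a message box.
; Registers: ebp = run-time minus link-time delta (a callee-saved register
;                  under stdcall, repurposed here; acceptable only because
;                  this code never returns to the loader)
;            esi = page-aligned address handed to GetKernel32Base
;            eax = result of GetKernel32Base (valid only when CF=0)
;-----------------------------------------------------------------------
start:
call vir_start                  ; pushes the run-time address of vir_start ...
vir_start:
pop ebp                         ; ... which is popped to learn where we actually execute
sub ebp,offset vir_start        ; ebp = delta between run-time and link-time address (0 for a normally loaded EXE)
mov esi,[esp]                   ; esp is back at its entry value, so [esp] is the address the loader returns to (inside kernel32 on the Windows versions this was written for -- TODO confirm on the target OS)
and esi,0fffff000h              ; round down to a 4 KiB page boundary; GetKernel32Base probes whole pages
call GetKernel32Base            ; CF=0: eax = module base; CF=1: not found, eax = last address probed
jc base_done                    ; on failure leave Krl32Base at its initial 0 instead of reporting the leftover value in eax
mov Krl32Base,eax               ; store the base for wsprintf
base_done:
invoke wsprintf,offset buf,offset fmt,Krl32Base
invoke MessageBox,NULL,offset buf,offset szCap,MB_OK or MB_ICONINFORMATION
invoke ExitProcess,0            ; never returns; ebp/esi are intentionally not restored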
;-----------------------------------------------------------------------
; GetKernel32Base -- find the base of the module containing a given
; address by scanning backwards one page at a time for an MZ header
; that points at a PE signature.
; Label-style routine (not a PROC): no prologue, custom register contract.
;
; In:    esi = page-aligned address inside the module to find
;        ebp = run-time/link-time delta, used to reach `limit` relocatably
; Out:   CF=0, eax = module base (address of the 'MZ' header)
;        CF=1, eax = last address probed, when `limit` pages are exhausted
; Clobb: eax, esi, edi, flags; decrements `limit` in .data
;
; Notes for reviewers:
;  - The loop counter is the .data byte `limit`, consumed in place, so
;    the routine is not reentrant and a second call finds limit already
;    at 0 and fails immediately unless the caller resets it.
;  - Each probe reads [esi] and [edi] with no exception handler set up
;    here; if a probed page is not mapped the read faults rather than
;    returning CF=1.
;  - Only the low word 'PE' of the 4-byte "PE\0\0" signature is checked.
;  - A page-stride backward scan for 'MZ' then 'PE' starting from a
;    return address is a well-known position-independent module-discovery
;    heuristic; the instruction pattern itself is a recognisable
;    signature for code scanners.
;-----------------------------------------------------------------------
GetKernel32Base:
xor eax,eax                     ; dead store: eax is overwritten by the xchg at get_base on every path
search_loop1:
cmp byte ptr [ebp+limit],00h    ; any probes left? (limit addressed via the ebp delta)
jz search_exit                  ; none: give up with CF=1
cmp word ptr[esi],5a4dh         ; page starts with the DOS header magic 'MZ'?
jz check_pe                     ; yes: confirm the PE signature before trusting it
search_loop2:
sub esi,1000h                   ; step back one 4 KiB page
dec byte ptr [ebp+limit]        ; consume one probe
jmp search_loop1
check_pe:
mov edi,[esi+3ch]               ; edi = e_lfanew, offset of the PE header relative to the MZ header
add edi,esi                     ; edi = absolute address of the PE header
cmp word ptr [edi],4550h        ; first two signature bytes 'PE'? (equal compare leaves CF=0)
jz get_base                     ; valid header: esi is the module base
jmp search_loop2                ; 'MZ' without 'PE' (stray data): keep walking
search_exit:
stc                             ; CF=1 = not found; falls through, xchg below does not touch flags
get_base:
xchg eax,esi                    ; eax = base (or last probed address on failure); esi receives the old eax (0)
ret
end start