📄 krltest_f800.asm
字号:
.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
.data
KernelAddress dd 0
fmt db "Kernel32 Address = %X",0
buf db 256 dup (0)
szCap db "KrlTest_f800",0
.code
start:
mov ecx,[esp]
GetKrnlBaseLoop:
xor edx,edx
dec ecx
mov dx,word ptr [ecx+3ch]
test dx,0f800h
jnz GetKrnlBaseLoop
cmp ecx,dword ptr [ecx+edx+34h]
jnz GetKrnlBaseLoop
mov KernelAddress,ecx
invoke wsprintf,offset buf,offset fmt,KernelAddress
invoke MessageBox,NULL,offset buf,offset szCap,MB_OK or MB_ICONINFORMATION
invoke ExitProcess,0
end start⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -