Topic: Getting the base of kernel32

Vortex
« on: October 11, 2010, 09:20:39 PM »
The code portion below finds the base of kernel32. Originally, the method was mentioned in the Masm forum and I converted it to Poasm:

Code:
include kernbase.inc

.data

capt    db 'Kernel base',0
format1 db 'Address = %X',0

.data?

buffer  db 32 dup(?)

.code

start:

; The code to get the base of kernel32
; may not work on every version of Windows

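    mov     ecx,[esp]           ; return address of the entry point's caller

@@:

    xor     edx,edx
    dec     ecx                 ; step back one byte
    mov     dx,[ecx+03ch]       ; candidate e_lfanew (low word)
    test    dx,0f800h           ; reject offsets of 800h or more
    jnz     @b
    cmp     ecx,[ecx+edx+34h]   ; ImageBase field must equal the candidate
    jnz     @b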

    invoke  wsprintf,ADDR buffer,ADDR format1,ecx

    invoke  MessageBox,0,ADDR buffer,ADDR capt,MB_OK

    invoke  ExitProcess,0

END start
Code it... That's all...
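
An added example, not part of Vortex's post: the same two header tests run in C over a constructed memory buffer, showing that stray bytes can satisfy them and that also checking the MZ and PE signatures avoids the false match. The addresses, the buffer layout and the names `find_base` and `build_sample` are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define MEM_VA  0x7C7FF000u  /* constructed: address of mem[0] */
#define MEM_LEN 0x3000u

/* Bounds-checked little-endian read of n bytes; returns 0 when out of range. */
static int rd(const uint8_t *m, size_t off, size_t n, uint32_t *out) {
    if (off > MEM_LEN || n > MEM_LEN - off) return 0;
    *out = 0;
    for (size_t i = 0; i < n; i++) *out |= (uint32_t)m[off + i] << (8 * i);
    return 1;
}
static void wr32(uint8_t *m, size_t off, uint32_t v) {
    for (int i = 0; i < 4; i++) m[off + i] = (uint8_t)(v >> (8 * i));
}

/* Walk down from inner_va one byte at a time, as the dec ecx loop does.
   strict=0: only the post's two tests; strict=1: also require MZ and PE\0\0. */
uint32_t find_base(const uint8_t *m, uint32_t inner_va, int strict) {
    for (uint32_t va = inner_va - 1; va >= MEM_VA; va--) {
        size_t o = va - MEM_VA;
        uint32_t lfanew, base, sig;
        if (!rd(m, o + 0x3C, 2, &lfanew) || (lfanew & 0xF800u)) continue;
        if (!rd(m, o + lfanew + 0x34, 4, &base) || base != va) continue;
        if (strict && (!rd(m, o, 2, &sig) || sig != 0x5A4Du)) continue;
        if (strict && (!rd(m, o + lfanew, 4, &sig) || sig != 0x4550u)) continue;
        return va;
    }
    return 0; /* no header found inside the buffer */
}

/* Constructed sample: a header at 0x7C800000 and, above it, stray bytes at
   0x7C800800 that pass both loose tests without being a header. */
void build_sample(uint8_t *m) {
    for (size_t i = 0; i < MEM_LEN; i++) m[i] = 0;
    m[0x1000] = 'M'; m[0x1001] = 'Z';
    wr32(m, 0x103C, 0x80);                       /* e_lfanew */
    wr32(m, 0x1080, 0x4550u);                    /* "PE\0\0" */
    wr32(m, 0x1080 + 0x34, 0x7C800000u);         /* ImageBase */
    wr32(m, 0x183C, 0x10);                       /* stray "e_lfanew" */
    wr32(m, 0x1800 + 0x10 + 0x34, 0x7C800800u);  /* stray "ImageBase" */
}

int main(void) {
    static uint8_t mem[MEM_LEN];
    build_sample(mem);
    printf("loose %08X, strict %08X\n", (unsigned)find_base(mem, 0x7C801234u, 0),
           (unsigned)find_base(mem, 0x7C801234u, 1));
}
```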