这是我用 MASM32 写的代码，环境是 Win7 家庭普通版。
代码说明:获取Kernel32.dll基址,再退出进程
mov _kernel32base,eax
报错信息说是访问 kernel32.dll 时发生了访问违规。
我觉得是因为向代码段写入数据造成的，不知道大家怎么看？
代码说明:获取Kernel32.dll基址,再退出进程
出错的位置：见代码中 mov _kernel32base,eax 一行的注释。
.386
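.model flat,stdcall
option casemap:none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; include file definitions
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Writable data.
; _kernel32base used to be declared inside .code.  The .code (.text)
; section of a PE image is mapped execute/read with no write permission,
; so the store in _GetKerBaAddr (mov _kernel32base,eax) raised an access
; violation.  Uninitialised variables belong in .data? (zero-filled,
; read/write).
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data?
_kernel32base dd ?                      ; written by _GetKerBaAddr, read by start

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Read-only strings for the MessageBoxA calls.  Keeping them in .const
; rather than .code keeps data out of the executable section (W^X).
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.const
Error           db "Error",0
GetKerBasAddErr db "GetKerBasAddErr!",0
Succ            db "Success",0
GetKerBasAddSuc db "GetKerBasAddSuc!",0

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Code section: only instructions from here on.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code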
;-----------------------------------------------------------------------
; _GetKerBaAddr
; Walks memory downwards from the caller's return address in 64 KiB
; steps, looking for an "MZ" DOS header whose e_lfanew points at a
; "PE\0\0" signature, and stores the first image base found in
; _kernel32base.
; In:    [esp+4] = caller's return address (read before ebx is pushed)
; Out:   eax = image base found, or 0 once the scan drops below 070000000h
;        _kernel32base = same value, written only on the success path
; Clobb: flags; ebx is saved/restored
; NOTE(review): start calls this routine from the same module, so
;   [esp+4] lies in this program's own image, not in kernel32.dll; the
;   first "MZ" header met is therefore likely this executable's own
;   base - confirm which address the caller actually expects.
; NOTE(review): the probes at [eax] and [eax+3ch]/[ebx] are unguarded
;   reads; a 64 KiB step that lands on an unmapped page faults instead
;   of falling through to the "return 0" path.
; NOTE(review): with _kernel32base declared under .code the store below
;   targets a non-writable section, which matches the crash the author
;   reports at that line.
;-----------------------------------------------------------------------
_GetKerBaAddr proc
mov eax,[esp+4]                         ; eax = return address of the caller
and eax,0ffff0000h                      ; round down to a 64 KiB boundary
push ebx                                ; ebx is callee-saved under stdcall
.repeat
.if word ptr[eax]==IMAGE_DOS_SIGNATURE  ; "MZ" at this candidate base?
mov ebx,[eax+3ch]                       ; e_lfanew: RVA of the PE header
add ebx,eax                             ; ebx = address of the PE header
.if dword ptr[ebx]==IMAGE_NT_SIGNATURE  ; "PE\0\0" confirms a PE image
mov _kernel32base,eax ;fault location reported by the author (see NOTE above)
pop ebx
ret                                     ; success: eax = image base
.endif
.endif
sub eax,010000h                         ; next 64 KiB boundary below
.until eax<070000000h                   ; stop once below the scan floor
.if eax<070000000h                      ; always true here: this is the loop's exit condition
xor eax,eax                             ; not found: return 0
.endif
pop ebx
ret
_GetKerBaAddr endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; start - program entry point.
; Calls _GetKerBaAddr.  If it returns 0 an error box is shown; otherwise
; a success box is shown and control is passed to _kernel32base plus a
; fixed offset.  Both paths then terminate the process via ExitProcess.
; NOTE(review): 0005BBE2h is a hard-coded offset into whatever image
;   _GetKerBaAddr happened to find; nothing checks that the image is
;   kernel32.dll or that the offset is valid for the installed build,
;   so this indirect call is fragile across Windows builds and updates.
;   The imported ExitProcess below is the supported way to exit.
;-----------------------------------------------------------------------
start:
        call    _GetKerBaAddr           ; eax = image base, or 0 on failure
        .if eax == 0
            invoke MessageBoxA, NULL, addr GetKerBasAddErr, addr Error, MB_OK
        .else
            invoke MessageBoxA, NULL, addr GetKerBasAddSuc, addr Succ, MB_OK
            mov     eax, _kernel32base
            add     eax, 0005BBE2h      ; build-specific offset, not verified
            call    eax
        .endif
        invoke  ExitProcess, NULL       ; common exit for both branches
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
mov _kernel32base,eax
报错信息说是访问 kernel32.dll 时发生了访问违规。
我觉得是因为向代码段写入数据造成的，不知道大家怎么看？