
【求助】让代码段可以写?

这是我用 MASM32 写的代码，运行环境是 Win7 家庭普通版。

代码说明：获取 Kernel32.dll 的基址，然后退出进程。
.386                                    ; 32-bit IA-32 instruction set
.model flat,stdcall                     ; flat 32-bit memory model; default call convention stdcall
option casemap:none                     ; symbols are case-sensitive, so Win32 API names keep their exact case
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; include 文件定义
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include    windows.inc
include    user32.inc
includelib  user32.lib
include    kernel32.inc
includelib  kernel32.lib
;code segment
;      .data?
;_kernel32base  dd  ?
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;      .const
;Error      db  "Error",0
;GetKerBasAddErr  db  "GetKerBasAddErr!",0
;Succ      db  "Success",0
;GetKerBasAddSuc db  "GetKerBasAddSuc!",0
      .code
;>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>..
_kernel32base  dd  ?
Error      db  "Error",0
GetKerBasAddErr  db  "GetKerBasAddErr!",0
Succ      db  "Success",0
GetKerBasAddSuc db  "GetKerBasAddSuc!",0
_GetKerBaAddr    proc
;-----------------------------------------------------------------------
; DWORD _GetKerBaAddr(void)      -- no declared parameters, no prologue
; Walks downward from the address found at [esp+4], 64 KB at a time,
; until a page starts with an "MZ" header whose e_lfanew points at a
; "PE\0\0" signature, and treats that page as the module base.
; `start` calls this immediately on entry, so [esp+4] here is whatever
; the loader left on the stack before jumping to the entry point; the
; author assumes (for Win7) that this address lies inside kernel32.dll.
; Out:   eax = image base, also stored in _kernel32base;
;        eax = 0 if the scan drops below 070000000h without a match
; Clobb: eax, flags (ebx is preserved via push/pop)
; Note:  every probe reads [eax] and [eax+3ch] without any SEH guard;
;        an unmapped 64 KB region on the way down raises an access
;        violation.  _kernel32base must be in a writable section
;        (.data?), not in .code, or the store below faults.
;-----------------------------------------------------------------------
  mov   eax,[esp+4]                     ; starting candidate address
  and   eax,0ffff0000h                  ; round down to 64 KB allocation granularity
  push  ebx
scan_page:
  cmp   word ptr [eax],IMAGE_DOS_SIGNATURE
  jne   next_page                       ; no "MZ" at this page
  mov   ebx,[eax+3ch]                   ; IMAGE_DOS_HEADER.e_lfanew
  add   ebx,eax                         ; ebx -> candidate IMAGE_NT_HEADERS
  cmp   dword ptr [ebx],IMAGE_NT_SIGNATURE
  jne   next_page                       ; "MZ" but no "PE\0\0" behind it
  mov   _kernel32base,eax               ; both headers match: record the base
  pop   ebx
  ret
next_page:
  sub   eax,010000h                     ; step down one allocation unit
  cmp   eax,070000000h
  jae   scan_page                       ; keep scanning while eax >= 070000000h (unsigned)
  xor   eax,eax                         ; scan exhausted: report failure
  pop   ebx
  ret
_GetKerBaAddr   endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
;-----------------------------------------------------------------------
; Program entry point.
; Asks _GetKerBaAddr for the kernel32.dll base, reports the outcome in
; a message box, and exits the process.  On success it also calls
; _kernel32base + 0005BBE2h: a hard-coded offset that is only valid for
; one particular kernel32.dll build (which routine it is meant to be is
; not stated on the page).  Any update to the DLL changes the offset;
; resolving the routine by name through GetProcAddress is the supported
; way.  If the called routine returns, control falls through to
; ExitProcess.
;-----------------------------------------------------------------------
  call  _GetKerBaAddr
  test  eax,eax                         ; 0 => base not found
  jnz   base_found
  invoke MessageBoxA,NULL,addr GetKerBasAddErr,addr Error,MB_OK
  jmp   exit_process
base_found:
  invoke MessageBoxA,NULL,addr GetKerBasAddSuc,addr Succ,MB_OK
  mov   eax,_kernel32base
  add   eax,0005BBE2h                   ; build-specific offset, see header comment
  call  eax
exit_process:
  invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.
  end start
出错的位置:
mov _kernel32base,eax
报错说是对 kernel32.dll 的非法访问（访问冲突）。
我觉得是因为往代码段写入数据造成的，不知道大家怎么看？
