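/// Returns the base address of kernel32.dll by reading the loader's module
/// lists out of the PEB instead of calling GetModuleHandle.
///
/// The original author states that this works on XP/Vista/Win7, x86 and x64.
/// NOTE(review): the lookup is purely positional. It returns "the third entry
/// of a loader list", never "the module whose name is kernel32.dll", and no
/// name or signature check is made on the result. The two builds also walk
/// different lists: x64 follows InInitializationOrderModuleList, x86 follows
/// InLoadOrderModuleList. The x64 path therefore expects kernelbase.dll to be
/// initialized ahead of kernel32.dll, which presumably does not hold before
/// Windows 7 - verify on every OS you target.
///
/// The offsets used below belong to PEB_LDR_DATA / LDR_DATA_TABLE_ENTRY, whose
/// fields are mostly marked "Reserved" in winternl.h, and the lists are read
/// without holding the loader lock. Code that needs the handle for ordinary
/// purposes should call GetModuleHandle('kernel32.dll'), which is documented
/// and independent of list order. The TEB -> PEB -> Ldr read sequence
/// (gs:[$60] / fs:[$30] followed by list traversal) is also a pattern that
/// static signatures and endpoint products commonly match on, so expect
/// binaries containing it to be flagged.
function Kernel32Handle(): HMODULE;
{$IFDEF CPUX64}
asm
        // The offset is loaded into RAX, not RBX: RBX is nonvolatile in the
        // Win64 calling convention and this routine never restores it.
        mov     rax, $60
        mov     rax, [gs:rax]           // TEB+$60      -> PEB
        mov     rax, [rax+$18]          // PEB+$18      -> PEB.Ldr (PEB_LDR_DATA)
        mov     rax, [rax+$30]          // Ldr+$30      -> InInitializationOrderModuleList.Flink,
                                        //                 1st entry (typically ntdll.dll)
        mov     rax, [rax]              // Flink        -> 2nd entry (kernelbase.dll on Win7+)
        mov     rax, [rax]              // Flink        -> 3rd entry (kernel32.dll on Win7+)
        // RAX points at the entry's InInitializationOrderLinks field (entry+$20),
        // so +$10 lands on DllBase (entry+$30).
        mov     rax, [rax+$10]          // result = DllBase
end;
{$ELSE}
asm
        mov     eax, [fs:$30]           // TEB+$30      -> PEB
        mov     eax, [eax+$C]           // PEB+$0C      -> PEB.Ldr (PEB_LDR_DATA)
        mov     eax, [eax+$C]           // Ldr+$0C      -> InLoadOrderModuleList.Flink,
                                        //                 1st entry (typically the EXE itself)
        mov     eax, [eax]              // Flink        -> 2nd entry (typically ntdll.dll)
        mov     eax, [eax]              // Flink        -> 3rd entry (typically kernel32.dll)
        // EAX points at the entry's InLoadOrderLinks field (entry+$00),
        // so +$18 is DllBase.
        mov     eax, [eax+$18]          // result = DllBase
end;
{$ENDIF}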
版權聲明:本文為CSDN部落客「weixin_33939843」的原創文章,遵循CC 4.0 BY-SA版權協定,轉載請附上原文出處連結及本聲明。
原文連結:https://blog.csdn.net/weixin_33939843/article/details/91539095