摘要：DWORD GetKernel32Base() { DWORD dwKernel32Addr = 0; __asm { push eax; mov eax,dword ptr fs:[0x30] //eax = address of peb mov eax,[eax+0x0C] //address of PEB_LDR_DATA mov eax,[eax+0x1C] // mov eax,[eax] mov eax,[eax+0x08] mov dwKernel32Addr,eax ... 阅读全文

摘要：_cdecl右->左调用者负责pascal被调用者负责__fastcall右->左,寄存器传参被调用者负责__stdcall右->左被调用者负责 阅读全文

摘要：http://en.wikipedia.org/wiki/Win32_Thread_Information_BlockFS:[0x18]4Win9x and NTLinear address of TIB// gcc (AT&T-style inline assembly).void *getTIB(){ void *pTib; __asm__("movl %%fs:0x18, %0" : "=r" (pTib) : : ); return pTib;}// Microsoft Cvoid *getTib(){ void *pTib; __asm 阅读全文

摘要：D:\WinDDK\7600.16385.1\Debuggers>symchk /r c:\windows\system32 /s SRV*e:\localsymbols*http://msdl.microsoft.com/download/symbols 阅读全文