3种获得kernel32基址的方法

2024年2月7日发(作者：)

18 PVOID WOW32Reserved; /* C0h */19 LCID CurrentLocale; /* C4h */20 ULONG FpSoftwareStatusRegister; /* C8h */21 PVOID SystemReserved1[0x36]; /* CCh */22 LONG ExceptionCode; /* 1A4h */23struct_ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; /* 1A8h */24 UCHAR SpareBytes1[0x28]; /* 1ACh */25 GDI_TEB_BATCH GdiTebBatch; /* 1D4h */26 CLIENT_ID RealClientId; /* 6B4h */27 PVOID GdiCachedProcessHandle; /* 6BCh */28 ULONG GdiClientPID; /* 6C0h */29 ULONG GdiClientTID; /* 6C4h */30 PVOID GdiThreadLocalInfo; /* 6C8h */31 ULONG Win32ClientInfo[62]; /* 6CCh */32 PVOID glDispatchTable[0xE9]; /* 7C4h */33 ULONG glReserved1[0x1D]; /* B68h */34 PVOID glReserved2; /* BDCh */35 PVOID glSectionInfo; /* BE0h */36 PVOID glSection; /* BE4h */37 PVOID glTable; /* BE8h */38 PVOID glCurrentRC; /* BECh */39 PVOID glContext; /* BF0h */40 NTSTATUS LastStatusValue; /* BF4h */41 UNICODE_STRING StaticUnicodeString; /* BF8h */42 WCHAR StaticUnicodeBuffer[0x105]; /* C00h */43 PVOID DeallocationStack; /* E0Ch */44 PVOID TlsSlots[0x40]; /* E10h */45 LIST_ENTRY TlsLinks; /* F10h */46 PVOID Vdm; /* F18h */47 PVOID ReservedForNtRpc; /* F1Ch */48 PVOID DbgSsReserved[0x2]; /* F20h */49 ULONG HardErrorDisabled; /* F28h */50 PVOID Instrumentation[14]; /* F2Ch */51 PVOID SubProcessTag; /* F64h */52 PVOID EtwTraceData; /* F68h */

53 PVOID WinSockData; /* F6Ch */54 ULONG GdiBatchCount; /* F70h */55 BOOLEAN InDbgPrint; /* F74h */56 BOOLEAN FreeStackOnTermination; /* F75h */57 BOOLEAN HasFiberData; /* F76h */58 UCHAR IdealProcessor; /* F77h */59 ULONG GuaranteedStackBytes; /* F78h */60 PVOID ReservedForPerf; /* F7Ch */61 PVOID ReservedForOle; /* F80h */62 ULONG WaitingOnLoaderLock; /* F84h */63 ULONG SparePointer1; /* F88h */64 ULONG SoftPatchPtr1; /* F8Ch */65 ULONG SoftPatchPtr2; /* F90h */66 PVOID *TlsExpansionSlots; /* F94h */67 ULONG ImpersionationLocale; /* F98h */68 ULONG IsImpersonating; /* F9Ch */69 PVOID NlsCache; /* FA0h */70 PVOID pShimData; /* FA4h */71 ULONG HeapVirualAffinity; /* FA8h */72 PVOID CurrentTransactionHandle; /* FACh */73 PTEB_ACTIVE_FRAME ActiveFrame; /* FB0h */74 PVOID FlsData; /* FB4h */75 UCHAR SafeThunkCall; /* FB8h */76 UCHAR BooleanSpare[3]; /* FB9h */77 } TEB, *PTEB;PEB结构1 typedef struct _PEB2 {3 UCHAR InheritedAddressSpace; // 00h4 UCHAR ReadImageFileExecOptions; // 01h5 UCHAR BeingDebugged; // 02h6 UCHAR Spare; // 03h7 PVOID Mutant; // 04h8 PVOID ImageBaseAddress; // 08h

9 PPEB_LDR_DATA Ldr; // 0Ch10 PRTL_USER_PROCESS_PARAMETERS ProcessParameters; // 10h11 PVOID SubSystemData; // 14h12 PVOID ProcessHeap; // 18h13 PVOID FastPebLock; // 1Ch14 PPEBLOCKROUTINE FastPebLockRoutine; // 20h15 PPEBLOCKROUTINE FastPebUnlockRoutine; // 24h16 ULONG EnvironmentUpdateCount; // 28h17 PVOID* KernelCallbackTable; // 2Ch18 PVOID EventLogSection; // 30h19 PVOID EventLog; // 34h20 PPEB_FREE_BLOCK FreeList; // 38h21 ULONG TlsExpansionCounter; // 3Ch22 PVOID TlsBitmap; // 40h23 ULONG TlsBitmapBits[0x2]; // 44h24 PVOID ReadOnlySharedMemoryBase; // 4Ch25 PVOID ReadOnlySharedMemoryHeap; // 50h26 PVOID* ReadOnlyStaticServerData; // 54h27 PVOID AnsiCodePageData; // 58h28 PVOID OemCodePageData; // 5Ch29 PVOID UnicodeCaseTableData; // 60h30 ULONG NumberOfProcessors; // 64h31 ULONG NtGlobalFlag; // 68h32 UCHAR Spare2[0x4]; // 6Ch33 LARGE_INTEGER CriticalSectionTimeout; // 70h34 ULONG HeapSegmentReserve; // 78h35 ULONG HeapSegmentCommit; // 7Ch36 ULONG HeapDeCommitTotalFreeThreshold; // 80h37 ULONG HeapDeCommitFreeBlockThreshold; // 84h38 ULONG NumberOfHeaps; // 88h39 ULONG MaximumNumberOfHeaps; // 8Ch40 PVOID** ProcessHeaps; // 90h41 PVOID GdiSharedHandleTable; // 94h42 PVOID ProcessStarterHelper; // 98h43 PVOID GdiDCAttributeList; // 9Ch