Shellcode for obtaining the kernel32 base address on x64
.flat:0000000000401000 public start
.flat:0000000000401000 start:
.flat:0000000000401000 mov rax, 30h
.flat:0000000000401007 mov rax, gs: ; points to the TEB
.flat:000000000040100B mov rax, ; points to the PEB
.flat:000000000040100F mov rax, ; points to the Ldr list
.flat:0000000000401013 mov rax, ; points to the InLoadOrderModuleList list head [you can also use the InMemoryOrderModuleList or InInitializationOrderModuleList list~]
.flat:0000000000401017 mov rax, ; Next
.flat:000000000040101A mov rax, ; Next
.flat:000000000040101D mov rax, ; kernel32 base address
.flat:000000000040101D ; ---------------------------------------------------------------------------
.flat:0000000000401000 public start
.flat:0000000000401000 start:
.flat:0000000000401000 mov rax, 30h
.flat:0000000000401007 mov rax, gs: ; points to the TEB
.flat:000000000040100B mov rax, ; points to the PEB
.flat:000000000040100F mov rax, ; points to the Ldr list
.flat:0000000000401013 mov rax, ; points to the InMemoryOrderModuleList list
.flat:0000000000401017 mov rax, ; Next
.flat:000000000040101A mov rax, ; Next
.flat:000000000040101D mov rax, ; kernel32 base address
.flat:000000000040101D ; ---------------------------------------------------------------------------
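As an added example (not the original post's code), the same TEB -> PEB -> Ldr -> list -> DllBase walk written in portable C over a constructed in-memory copy of the public x64 layouts, so the offsets both listings rely on can be checked outside Windows; it generalizes the two listings into one routine that takes the list offset (0x10 load order, 0x20 memory order) and derives the matching DllBase offset. The sample process and its three-module order (exe, ntdll, kernel32) are constructed and assumed, as are the base addresses.

```c
#include <stddef.h>
#include <stdint.h>
/* Only the fields the shellcode dereferences, at their public x64 offsets. */
typedef struct { uint64_t Flink, Blink; } LIST_ENTRY64;
typedef struct {                       /* _LDR_DATA_TABLE_ENTRY */
    LIST_ENTRY64 InLoadOrderLinks;     /* +0x00 */
    LIST_ENTRY64 InMemoryOrderLinks;   /* +0x10 */
    uint8_t      pad[0x10];            /* +0x20 InInitializationOrderLinks (unused here) */
    uint64_t     DllBase;              /* +0x30 */
} LDR_ENTRY64;
typedef struct {                       /* _PEB_LDR_DATA */
    uint8_t      pad[0x10];
    LIST_ENTRY64 InLoadOrderModuleList;   /* +0x10 */
    LIST_ENTRY64 InMemoryOrderModuleList; /* +0x20 */
} PEB_LDR_DATA64;
typedef struct { uint8_t pad[0x18]; uint64_t Ldr; } PEB64;                     /* Ldr at +0x18 */
typedef struct { uint8_t pad[0x60]; uint64_t ProcessEnvironmentBlock; } TEB64; /* PEB at +0x60 */
_Static_assert(offsetof(LDR_ENTRY64, DllBase) == 0x30, "DllBase must be at +0x30");
#define ADDR(p) ((uint64_t)(uintptr_t)(p))
/* One "mov rax, [rax+off]". */
static uint64_t rd64(uint64_t rax, uint64_t off) { return *(const uint64_t *)(uintptr_t)(rax + off); }

/* The listing's walk from the TEB address that gs:[0x30] yields. list_off picks the list (0x10
   InLoadOrder, 0x20 InMemoryOrder); each list's LIST_ENTRY sits at a different offset inside the
   same entry, so DllBase is at 0x40-list_off from the link pointer (0x30 resp. 0x20). */
uint64_t third_module_base(uint64_t teb, uint64_t list_off) {
    uint64_t rax = rd64(teb, 0x60);    /* PEB */
    rax = rd64(rax, 0x18);             /* Ldr */
    rax = rd64(rax, list_off);         /* list head Flink -> 1st entry */
    rax = rd64(rax, 0);                /* Next -> 2nd entry */
    rax = rd64(rax, 0);                /* Next -> 3rd entry */
    return rd64(rax, 0x40 - list_off); /* DllBase */
}
/* Constructed sample process: exe, ntdll, kernel32 in that order on both lists (assumed order). */
static LDR_ENTRY64 mods[3]; static PEB_LDR_DATA64 ldr; static PEB64 peb; static TEB64 teb;
static const uint64_t bases[3] = { 0x7ff600000000ull, 0x7ffa12340000ull, 0x7ffa11110000ull };

uint64_t sample_walk(uint64_t list_off) {
    LIST_ENTRY64 *heads[2] = { &ldr.InLoadOrderModuleList, &ldr.InMemoryOrderModuleList };
    for (int l = 0; l < 2; l++) {          /* build each ring: head -> mods[0] -> ... -> head */
        LIST_ENTRY64 *prev = heads[l];
        for (int i = 0; i < 3; i++) {      /* only Flink is linked; the walk never reads Blink */
            LIST_ENTRY64 *cur = l ? &mods[i].InMemoryOrderLinks : &mods[i].InLoadOrderLinks;
            mods[i].DllBase = bases[i];
            prev->Flink = ADDR(cur); prev = cur;
        }
        prev->Flink = ADDR(heads[l]);
    }
    peb.Ldr = ADDR(&ldr); teb.ProcessEnvironmentBlock = ADDR(&peb);
    return third_module_base(ADDR(&teb), list_off);   /* 0x7ffa11110000 for both lists */
}
```

The InInitializationOrderModuleList mentioned in the first listing is ordered by DLL initialization and does not contain the exe, so the same number of Next steps on that list lands on a different entry; a detection rule or debugger annotation keyed on this walk should account for which list the offsets select.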
gs? Did the 32-bit fs become gs on 64-bit? F8LEFT posted on 2015-2-12 14:07
gs? Did the 32-bit fs become gs on 64-bit?
Yes ~