Support Forums

Support Forums > Categories > Coding Support Forums > Programming with C++ > [C++] Get Kernel32 Base Address
Full Version: [C++] Get Kernel32 Base Address
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Modest

01-09-2011, 06:45 PM
Code:
typedef HINSTANCE__ * (__stdcall *LoadLibrary_)(wchar_t *);

int wmain()
{
    LoadLibrary_ _LoadLibrary = NULL;

    DWORD dwBaseAddress = 0;

    _asm
    {
        xor ebx, ebx              
        mov ebx, fs:[ 0x30 ]      
        mov ebx, [ ebx + 0x0C ]    
        mov ebx, [ ebx + 0x14 ]    
        mov ebx, [ ebx ]          
        mov ebx, [ ebx ]          
        mov ebx, [ ebx + 0x10 ]    

        mov dwBaseAddress, ebx
    }

    _LoadLibrary = (LoadLibrary_)GetProcAddress((HMODULE)dwBaseAddress, "LoadLibraryW");

    // _LoadLibrary = (LoadLibrary_)GetProcAddress(GetModuleHandle(L"KERNEL32.DLL"), "LoadLibraryW");
}

Usefull technique used in packers / protectors, to stop reverse engineers from decompiling the code, if you notice GetModuleHandleW will not be in the import table Smile
Support Forums > Categories > Coding Support Forums > Programming with C++ > [C++] Get Kernel32 Base Address