Okay, here is a snippet of assembly code of how to get a pointer to kernel32.dll, I’ll assume that you have some basic knowledge about the following topics:
Assembly Programming Language
Stack
Debugging
mov eax, [esp]
or eax, 00000FFFh
xor eax, 00000FFFh
@@Compare:
cmp word ptr [eax], ‘ZM’
je @@Kernel32Found
sub eax, 1000h
jmp @@Compare
[ … ]
Okay, so here is a very interesting thing; the kernel’s entry-point. I’ve disassembled it and translated the assembly listing into a pseudo like readable C code.
int KiSystemStartup(x) {
[…]
KiInitializeMachineType();
[…]
KiInitialiseKernel(x,x,x,x,x,x);
KiIdleLoop();
}
I apologize for the sloppy look of the code, but it’s quiet primitive to write code in here. Anyways, the previous snippet of code was from the entry-point […]
Hey again…so I’ve been playing around reversing Windows XP’ kernel (ntoskrnl.exe) for fun and learning. It’s quiet interesting to understand what’s going on under the hood. However, certain limitations sets me back a little, but it doesn’t stop me. Anyways, I’ll try to post some interesting stuff later.
0