以下代码段应该在InInitializationOrderModuleList内遍历PEB并返回kernel32.dll的基址。但是,当我尝试Console assemble and link以下代码时,我收到错误消息,指出存在missing operator in expression。
.486
option casemap :none
include \masm32\include\masm32rt.inc
.code
start:
call main
exit
main proc
mov eax, large fs:30h
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
print str$(eax)
ret
main endp
end start
所以,我改为: -
mov eax, fs:30h
我得到的错误是error A2108: Use of register assumed to ERROR。我做错了什么?
答案 0 :(得分:1)
刚才想到,添加assume fs:nothing可以解决问题。