News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Interesting change in XPSP2

Started by donkey, June 19, 2005, 02:02:44 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

donkey

June 19, 2005, 02:02:44 AM
I was playing around with my favourite part of Windows today (the PEB) and found that there has been a minor change in XP Service Pack 2. Formerly, the following was true at startup of a program...

EBX = 7FFDF000h ; For NT systems
EBX == 00530000h ; For 9x systems
EAX = NULL

However in SP2 it seems to have been changed a bit...

EBX = 7FFD?000h ; Where the ? indicates that the PEB address in no longer fixed though the high order WORD is fixed
EAX = 10000000h
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable

donkey

#1
June 19, 2005, 02:35:02 AM
BTW, just in case you wondered this is how to determine the OS family (NT or 9x) at startup...

Code Select
Start:
// Determine the OS family (9x or NT)
sub ecx,ecx
sub eax,eax
inc ecx
test ebx, 0FF000000h
cmovz eax,ecx
mov [f9xSystem],eax
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable
Print
Go Up Pages1
User actions