Faster GetProcAddress

[ecube]

Works fine on my windows sp2 machine

[Synfire]

Code Select Expand

; GetK32AndNtDll
; Obtains the image base of both kernel32.dll
; and ntdll.dll. (tested on 2K and XP)
; returns:
; EBX = Image Base of NTDLL.DLL
; EAX = Image Base of Kernel32.DLL
GetK32AndNtDll:
assume fs:nothing
mov     eax, fs:[30h]   ; PEB base
mov     eax, [eax+0Ch]  ; PEB_LDR_DATA
mov     eax, [eax+1Ch]  ; Ntdll
mov ebx, [eax+8] ; Ntdll Image Base
mov     eax, [eax]      ; Kernel32
mov     eax, [eax+8]    ; Kernel32 Image Base
ret

[ic2]

Synfire, honestly, I'm just beginning to see what those numbers are all about TEB-PEB ect... Do you have a documented list.  I been looking for at lease 4 days off and on and can't find it anywhere.  donky posted one here but it's gone.

E^cube, It been awhile.  It do work on my XP.  I been using POASM and forget that I have to un-comment this code.  I really based my views on what I have read before than tried something with the [30h] with no success.

; ifndef __POASM__
; assume fs:nothing
; endif 

It's fast as he*l.  I could not even see the first few letters as it search for strings before i get my usual crash on Olly.  I use to swear by y0da kernel  but I see yours a lot faster even by the human eye.  No dis-respect to all the work and here but how about some timing results.

[Synfire]

http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Process/PEB.html

[lingo]

E^cube,

I'm glad to see you like my fastest GetKernelBase proc
on NT/XP and W98:  :lol
http://www.asmcommunity.net/board/index.php?topic=12560.0

Regards,
Lingo

[ecube]

Yeah I like all your code Lingo  :U i wasn't trying to take credit for it, I posted it here in your thread because of its obvious relation. However in the future i'll be sure to mention the authors name anytime I post code that isn't mine, to make sure theres no confusion.

[FairLight]

Pentium M Dothan 1,86@2,5 Ghz (Asus P4C800-E Dlx.)

Code Select Expand


timing API:  312
timing Lingo:  31