【汇编】系统汇编代码整理

概述:汇编获取进程和系统的信息

获取进程id

来源:KERNELBASE!GetCurrentProcessId

1
2
3
4
762a2b20 64a118000000   mov     eax, dword ptr fs:[00000018h]
762a2b26 8b4020         mov     eax, dword ptr [eax+20h]
762a2b29 c3             ret     
762a2b2a cc             int     3

获取TickCount

来源:KERNELBASE!GetTickCount:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
762a1ed0 8bff           mov     edi, edi
762a1ed2 55             push    ebp
762a1ed3 8bec           mov     ebp, esp
762a1ed5 51             push    ecx
762a1ed6 8b0d0400fe7f   mov     ecx, dword ptr ds:[7FFE0004h]
762a1edc 894dfc         mov     dword ptr [ebp-4], ecx
762a1edf 81f900000001   cmp     ecx, 1000000h
762a1ee5 0f82bae10400   jb      KERNELBASE!GetTickCount+0x4e1d5 (762f00a5)
762a1eeb b82003fe7f     mov     eax, 7FFE0320h
762a1ef0 8b00           mov     eax, dword ptr [eax]
762a1ef2 f7e1           mul     eax, ecx
762a1ef4 0facd018       shrd    eax, edx, 18h
762a1ef8 8be5           mov     esp, ebp
762a1efa 5d             pop     ebp
762a1efb c3             ret

获取TickCount64

来源:KERNELBASE!GetTickCount64

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
762a2e30 8bff         mov     edi, edi
762a2e32 55           push    ebp
762a2e33 8bec         mov     ebp, esp
762a2e35 51           push    ecx
762a2e36 53           push    ebx
762a2e37 56           push    esi
762a2e38 57           push    edi
762a2e39 8b3d0400fe7f mov     edi, dword ptr ds:[7FFE0004h]
762a2e3f ba2403fe7f   mov     edx, 7FFE0324h
762a2e44 897dfc       mov     dword ptr [ebp-4], edi
762a2e47 be2003fe7f   mov     esi, 7FFE0320h
762a2e4c bf2803fe7f   mov     edi, 7FFE0328h
762a2e51 8b02         mov     eax, dword ptr [edx]
762a2e53 8b1e         mov     ebx, dword ptr [esi]
762a2e55 8b0f         mov     ecx, dword ptr [edi]
762a2e57 3bc1         cmp     eax, ecx
762a2e59 7525         jne     KERNELBASE!_GetTickCount64@0+0x50 (762a2e80)
762a2e5b f765fc       mul     eax, dword ptr [ebp-4]
762a2e5e 5f           pop     edi
762a2e5f 8bc8         mov     ecx, eax
762a2e61 8bf2         mov     esi, edx
762a2e63 8bc3         mov     eax, ebx
762a2e65 f765fc       mul     eax, dword ptr [ebp-4]
762a2e68 0fa4ce08     shld    esi, ecx, 8
762a2e6c 0facd018     shrd    eax, edx, 18h
762a2e70 c1e108       shl     ecx, 8
762a2e73 c1ea18       shr     edx, 18h
762a2e76 03c1         add     eax, ecx
762a2e78 13d6         adc     edx, esi
762a2e7a 5e           pop     esi
762a2e7b 5b           pop     ebx
762a2e7c 8be5         mov     esp, ebp
762a2e7e 5d           pop     ebp
762a2e7f c3           ret     
762a2e80 f390         pause   
762a2e82 ebcd         jmp     KERNELBASE!_GetTickCount64@0+0x21 (762a2e51)
B_Code > 汇编
【汇编】系统汇编代码整理
https://hodlyounger.github.io/2023/11/21/B_Code/汇编/【汇编】获取进程系统信息/
作者
mingming
发布于
2023年11月21日
许可协议