概述:汇编获取进程和系统的信息

获取进程id

来源:KERNELBASE!GetCurrentProcessId

; KERNELBASE!GetCurrentProcessId, 32-bit x86 build, as printed by the debugger
; (columns: address, opcode bytes, instruction).
; Out:   eax = process ID
; Uses:  no arguments, no stack locals, no system call; only eax is written.
; The ID is read from the calling thread's TEB (offsets below follow the
; 32-bit TEB layout).
; NOTE(review): the TEB is ordinary user-mode memory that the process itself
; can write, so this field is self-reported. Tooling that needs an
; authoritative PID should obtain it from the kernel side rather than from
; this field. Code that inlines these two loads never calls the export, so
; instrumentation placed on the API entry point will not observe it.
762a2b20 64a118000000   mov     eax, dword ptr fs:[00000018h]   ; eax = TEB self pointer (flat address of the TEB)
762a2b26 8b4020         mov     eax, dword ptr [eax+20h]        ; eax = TEB.ClientId.UniqueProcess
762a2b29 c3             ret                                     ; return the PID in eax
762a2b2a cc             int     3                               ; 0xCC after the ret; not reached by the code above, presumably padding

获取TickCount

来源:KERNELBASE!GetTickCount:

; KERNELBASE!GetTickCount, 32-bit x86 build
; (columns: address, opcode bytes, instruction).
; Out:   eax = (TickCount.LowPart * TickCountMultiplier) >> 24, low 32 bits
; Clobb: ecx, edx, flags
; Both inputs are read from KUSER_SHARED_DATA, the kernel-maintained page
; mapped at the fixed address 7FFE0000h (offset 004h = TickCountMultiplier,
; offset 320h = TickCount.LowPart). No system call is made.
; The result is 32 bits wide; the API is documented to wrap after about
; 49.7 days of uptime, so interval arithmetic across long uptimes should use
; the 64-bit variant.
; NOTE(review): code that reads these fixed addresses directly never enters
; GetTickCount, so hooks or time adjustments applied at the API export do not
; affect it; monitoring that depends on the export should account for that.
762a1ed0 8bff           mov     edi, edi                        ; 2-byte no-op at function entry (hot-patch placeholder)
762a1ed2 55             push    ebp                             ; standard frame setup
762a1ed3 8bec           mov     ebp, esp
762a1ed5 51             push    ecx                             ; reserves the 4-byte local at [ebp-4]; the pushed value is irrelevant
762a1ed6 8b0d0400fe7f   mov     ecx, dword ptr ds:[7FFE0004h]   ; ecx = TickCountMultiplier
762a1edc 894dfc         mov     dword ptr [ebp-4], ecx          ; keep a local copy; not read again in the lines shown here
762a1edf 81f900000001   cmp     ecx, 1000000h                   ; unsigned test: multiplier < 1000000h ?
762a1ee5 0f82bae10400   jb      KERNELBASE!GetTickCount+0x4e1d5 (762f00a5) ; yes -> out-of-line path; its code is not part of this listing
762a1eeb b82003fe7f     mov     eax, 7FFE0320h                  ; eax = address of TickCount.LowPart
762a1ef0 8b00           mov     eax, dword ptr [eax]            ; eax = TickCount.LowPart
762a1ef2 f7e1           mul     eax, ecx                        ; edx:eax = LowPart * multiplier (64-bit unsigned product)
762a1ef4 0facd018       shrd    eax, edx, 18h                   ; eax = bits 24..55 of the product, i.e. product >> 24
762a1ef8 8be5           mov     esp, ebp                        ; discard the local slot
762a1efa 5d             pop     ebp
762a1efb c3             ret                                     ; return the tick count in eax

获取TickCount64

来源:KERNELBASE!GetTickCount64

; KERNELBASE!GetTickCount64, 32-bit x86 build
; (columns: address, opcode bytes, instruction).
; Out:   edx:eax = ((LowPart * M) >> 24) + ((High1Time * M) << 8), 64-bit,
;        where M = TickCountMultiplier. This equals the 64-bit tick counter
;        times M, shifted right by 24, because High1Time carries weight 2^32.
; Saved: ebx, esi, edi (pushed and restored); ecx and flags are clobbered.
; Inputs come from KUSER_SHARED_DATA at the fixed address 7FFE0000h:
;   004h TickCountMultiplier, 320h TickCount.LowPart,
;   324h TickCount.High1Time, 328h TickCount.High2Time.
; The counter is wider than one 32-bit load, so the code reads High1Time,
; LowPart, High2Time in that order and retries until High1Time == High2Time.
; That keeps a low half from being combined with a high half taken from a
; different update. No lock and no system call are involved.
; NOTE(review): code that reads these fixed addresses directly never enters
; GetTickCount64, so hooks or time adjustments applied at the API export do
; not affect it; monitoring that depends on the export should account for that.
762a2e30 8bff         mov     edi, edi                          ; 2-byte no-op at function entry (hot-patch placeholder)
762a2e32 55           push    ebp                               ; standard frame setup
762a2e33 8bec         mov     ebp, esp
762a2e35 51           push    ecx                               ; reserves the 4-byte local at [ebp-4]; the pushed value is irrelevant
762a2e36 53           push    ebx                               ; save callee-saved registers used below
762a2e37 56           push    esi
762a2e38 57           push    edi
762a2e39 8b3d0400fe7f mov     edi, dword ptr ds:[7FFE0004h]     ; edi = TickCountMultiplier (M)
762a2e3f ba2403fe7f   mov     edx, 7FFE0324h                    ; edx = address of TickCount.High1Time
762a2e44 897dfc       mov     dword ptr [ebp-4], edi            ; local = M, because edi is reused as a pointer next
762a2e47 be2003fe7f   mov     esi, 7FFE0320h                    ; esi = address of TickCount.LowPart
762a2e4c bf2803fe7f   mov     edi, 7FFE0328h                    ; edi = address of TickCount.High2Time
762a2e51 8b02         mov     eax, dword ptr [edx]              ; retry target: eax = High1Time
762a2e53 8b1e         mov     ebx, dword ptr [esi]              ; ebx = LowPart
762a2e55 8b0f         mov     ecx, dword ptr [edi]              ; ecx = High2Time
762a2e57 3bc1         cmp     eax, ecx                          ; the two high copies must agree
762a2e59 7525         jne     KERNELBASE!_GetTickCount64@0+0x50 (762a2e80) ; mismatch -> pause and re-read all three
762a2e5b f765fc       mul     eax, dword ptr [ebp-4]            ; edx:eax = High1Time * M
762a2e5e 5f           pop     edi                               ; restore caller's edi (pushed last, so popped first)
762a2e5f 8bc8         mov     ecx, eax                          ; esi:ecx = High1Time * M (ecx = low dword)
762a2e61 8bf2         mov     esi, edx                          ;                         (esi = high dword)
762a2e63 8bc3         mov     eax, ebx                          ; eax = LowPart
762a2e65 f765fc       mul     eax, dword ptr [ebp-4]            ; edx:eax = LowPart * M
762a2e68 0fa4ce08     shld    esi, ecx, 8                       ; esi = high dword of (High1Time * M) << 8
762a2e6c 0facd018     shrd    eax, edx, 18h                     ; eax = low dword of (LowPart * M) >> 24
762a2e70 c1e108       shl     ecx, 8                            ; ecx = low dword of (High1Time * M) << 8
762a2e73 c1ea18       shr     edx, 18h                          ; edx = high dword of (LowPart * M) >> 24
762a2e76 03c1         add     eax, ecx                          ; 64-bit sum, low dwords
762a2e78 13d6         adc     edx, esi                          ; 64-bit sum, high dwords plus carry
762a2e7a 5e           pop     esi                               ; restore caller's esi and ebx
762a2e7b 5b           pop     ebx
762a2e7c 8be5         mov     esp, ebp                          ; discard the local slot
762a2e7e 5d           pop     ebp
762a2e7f c3           ret                                       ; return the 64-bit tick count in edx:eax
762a2e80 f390         pause                                     ; retry path: spin-wait hint before re-reading
762a2e82 ebcd         jmp     KERNELBASE!_GetTickCount64@0+0x21 (762a2e51) ; back to the three loads