;-----------------------------------------------------------------------
; _GetKernelBase (32-bit MASM, high-level .if/.while syntax)
; Walks downward through memory in 64 KB steps from dwKernelRet, looking
; for a PE image header (IMAGE_DOS_SIGNATURE, then IMAGE_NT_SIGNATURE),
; and reports the address where one was found.
;
; In:    dwKernelRet = starting address for the scan
;        (presumably an address inside kernel32.dll, going by the names;
;        confirm against the caller)
; Out:   eax = @dwReturn: address of the matching image header, or 0
; Clobb: ebx, esi, edi are modified and no save/restore is visible here
;
; NOTE(review): this listing is incomplete. Every bracketed memory
; operand is missing (e.g. "lea eax," and ".if word ptr =="), and so are
; the "@@:" label, the .endif/.endw lines, the found-it .break and the
; final ret. Whatever sat in those places cannot be recovered from this
; page, so the comments below describe only what is visible and mark
; the rest as assumptions.
;
; Analysis landmark: a call/pop delta computation followed by an
; SEH-guarded downward scan for MZ/PE headers is a pattern typical of
; position-independent code, and worth recognising when reading
; unknown binaries.
;-----------------------------------------------------------------------
_GetKernelBase proc dwKernelRet
local @dwReturn


; Default result: 0 means "no image header found".
mov @dwReturn, 0

; Position-independent self-location. "call @F" pushes the run-time
; address of the next anonymous label; popping it into ebx and
; subtracting the assemble-time offset of that same label ("@B") leaves
; ebx = run-time address minus assemble-time address. The "@@:" label
; both references point at is not present in this listing.
call @F

pop ebx
sub ebx, offset @B

; Tell the assembler that fs carries no assumption, so that fs:[0] can
; be addressed explicitly below.
assume fs : nothing

; Build an exception registration record on the stack and link it in
; as the head of the handler chain at fs:[0]. After the four pushes the
; stack holds, from esp upward: previous chain head, the address from
; the second lea (this is the handler slot of the record), the address
; from the first lea, and ebp.
; NOTE(review): both lea operands are missing. The first address is
; presumably where the handler resumes execution after a fault, and ebp
; is presumably saved so the handler can restore the frame. Confirm
; against the handler, which is not shown.
push ebp

lea eax,
push eax

lea eax,
push eax

push fs : [0]

mov fs : [0], esp

; Round the starting address down to a 64 KB boundary (clear the low
; 16 bits) so the scan only visits 64 KB-aligned addresses.
mov edi, dwKernelRet
and edi, 0ffff0000h

.while TRUE

; NOTE(review): the memory operand is missing; presumably the word at
; edi is compared with the DOS header magic.
.if word ptr == IMAGE_DOS_SIGNATURE

; NOTE(review): the source operand of the add is missing; presumably
; it is the header field holding the offset to the NT headers, so
; that esi ends up pointing at them. TODO confirm.
mov esi, edi
add esi,

; NOTE(review): memory operand missing; presumably the dword at esi.
.if dword ptr == IMAGE_NT_SIGNATURE
; Both signatures matched: record this address as the result.
mov @dwReturn, edi



; The two statements asked about in the post:
; - "sub edi, 010000h" moves the candidate address down by 64 KB
;   (10000h bytes) so the next iteration tests the next lower aligned
;   address.
; - ".break .if edi < 070000000h" leaves the loop once the candidate has
;   dropped below 70000000h, which bounds the search; @dwReturn then
;   keeps whatever was last stored (0 if nothing matched). MASM compares
;   a register in .if as unsigned unless told otherwise.
; NOTE(review): 70000000h looks like a heuristic lower bound for where
; system DLLs are mapped; nothing on this page states that. Reading
; memory while stepping down can fault on unmapped pages, which is
; presumably why the handler is installed above.
sub edi, 010000h
.break .if edi < 070000000h


; Unlink the registration record: restore the previous chain head, then
; drop the remaining three dwords (two addresses and ebp) = 0Ch bytes.
pop fs : [0]
add esp, 0ch


; Return the result in eax. No ret is visible in this listing.
mov eax, @dwReturn

_GetKernelBase endp

I can't understand the following statements:

sub edi, 010000h
.break .if edi < 070000000h

What do these mean?

Posted on 2003-05-04 20:58:05 by freeia
It's one man's take on a "structured" (and I use that word loosely) error handler. This is all I can get from it; I don't really know SEH all too well. There are others here that do, and may be able to expand on it more...

Sorry I'm not much more help than this...
Posted on 2003-05-04 21:11:39 by NaN
Posted on 2003-05-04 21:18:22 by lingo12