How can i its address using Debug API, thanks.
Posted on 2004-04-17 04:40:18 by x-dream
Use GetThreadContext to get the value of FS, then use GetThreadSelectorEntry and ReadProcessMemory.
Posted on 2004-04-17 04:45:28 by Sephiroth3

Use GetThreadContext to get the value of FS, then use GetThreadSelectorEntry and ReadProcessMemory.


Ok, lets say i get regFs value how would i then use it on GetThreadSelectorEntry/ReadProcessMemory.
Posted on 2004-04-17 04:57:58 by x-dream
Use it like this:
push eax
push eax
push esp
push Selector
push hThread
call GetThreadSelectorEntry
pop eax
pop edx
mov al,dl
bswap edx
mov ah,dl
rol eax,16
push eax
mov ecx,esp
push 0
push eax
push ecx
push 4
push hProcess
call ReadProcessMemory
pop eax
; Value at FS:0 should now be in EAX
Posted on 2004-04-17 09:37:25 by Sephiroth3