Hey.
i got the next thing in code:
int 21h;
what is that?
and also probably from the relative area:
mov eax,fs:[18h]
as well as:
mov eax,dword ptr
as well as:
mov eax,7ffdf00ch

what is all the above stuff?
i think it is all relate, and that is why i posted so many of the examples in 1 post.....
so can somone give me info on what that all is?
i think it is relative but might be a bit diffrent, so i didn;t want to have wrong info....
thx
Posted on 2004-08-29 22:45:37 by ReVeR
"int 21h" would be an example of old 16bit DOS code - if you need a reference of the DOS and BIOS interrupts, google for "ralf brown interrupt list".

"mov eax,fs:[18h]" is "tricky stuff" ( is the TEB self-pointer)

"mov eax,dword ptr " looks like a normal way of accessing a parameter in a proc with the traditional EBP frame.

"mov eax,7ffdf00ch" loads a constant into the EAX register ;) - I believe that offset has something to do with the PEB.

So... it looks like you're dealing with some tricky stuff. You aren't messing with exploits, shellcode, and that kind of stuff, are you?
Posted on 2004-08-30 01:06:04 by f0dder
no, none of that stuff....
anyways where can i get more info on the Peb and Teb stuff.,..what it is ,etc.....
Posted on 2004-08-30 11:02:23 by ReVeR
Try the board search, PEB gives hits...
Posted on 2004-08-30 11:19:45 by f0dder