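; GetKernel32Base32 / GetKernel32Base64 -- return the image base of kernel32.dll
; by walking the loader's module list hanging off the PEB.
;
; Syntax: MASM (Intel order, no prefixes). The 32-bit PROC is meant for ml.exe,
; the 64-bit PROC for ml64.exe; both are leaf routines that touch no stack.
;
; Both routines depend on two things no Windows API contract guarantees:
;   * the hard-coded TEB / PEB / PEB_LDR_DATA / LDR_DATA_TABLE_ENTRY offsets
;     named below (undocumented layout, stable in practice but unsupported);
;   * the loader list starting <main image>, ntdll, kernel32, so that the
;     THIRD entry is kernel32 (this is what the original comments assume).
; Treat the result as best-effort and validate it before relying on it.
;
; References (kept from the original):
;   32-bit: https://github.com/mai1zhi2/ShellCodeFramework/blob/bb16c47cf6bbc673b80a2743f0841d2b2d86846b/Framework/Shellcode.cpp
;   64-bit: https://blog.xenoscr.net/2019/12/08/Locating-Kernel32-Base-Address.html

; --- 32-bit (x86) structure offsets ------------------------------------
TEB32_SELF                  equ 18h     ; TEB.NtTib.Self: fs:[18h] -> linear TEB address
TEB32_PEB                   equ 30h     ; TEB.ProcessEnvironmentBlock
PEB32_LDR                   equ 0ch     ; PEB.Ldr
LDR32_INLOADORDER_LIST      equ 0ch     ; PEB_LDR_DATA.InLoadOrderModuleList
ENTRY32_DLLBASE             equ 18h     ; LDR_DATA_TABLE_ENTRY.DllBase (from InLoadOrderLinks)

; --- 64-bit (x64) structure offsets ------------------------------------
TEB64_PEB                   equ 60h     ; TEB.ProcessEnvironmentBlock
PEB64_LDR                   equ 18h     ; PEB.Ldr
LDR64_INMEMORYORDER_LIST    equ 20h     ; PEB_LDR_DATA.InMemoryOrderModuleList
ENTRY64_DLLBASE             equ 20h     ; DllBase measured from the InMemoryOrderLinks
                                        ; node the list points at

;-----------------------------------------------------------------------
; void *GetKernel32Base32(void)
; ABI:   32-bit Windows, no arguments, no stack use
; Out:   eax = kernel32.dll image base (third InLoadOrder entry)
; Clobb: eax only; flags are not modified (mov/ret only)
;-----------------------------------------------------------------------
GetKernel32Base32 PROC
        mov     eax, fs:[TEB32_SELF]                    ; eax = TEB
        mov     eax, [eax + TEB32_PEB]                  ; eax = PEB
        mov     eax, [eax + PEB32_LDR]                  ; eax = PEB->Ldr
        mov     eax, [eax + LDR32_INLOADORDER_LIST]     ; 1st entry: main image
        mov     eax, [eax]                              ; 2nd entry: ntdll
        mov     eax, [eax]                              ; 3rd entry: kernel32 (assumed)
        mov     eax, dword ptr [eax + ENTRY32_DLLBASE]  ; eax = kernel32 base
        ret
GetKernel32Base32 ENDP

;-----------------------------------------------------------------------
; void *GetKernel32Base64(void)
; ABI:   Microsoft x64, no arguments, no stack use
; Out:   rax = kernel32.dll image base (third InMemoryOrder entry)
; Clobb: rax only; flags are not modified (mov/ret only)
;        r12 is callee-saved under the x64 ABI, so the result is built
;        in rax directly instead of being staged through r12.
;-----------------------------------------------------------------------
GetKernel32Base64 PROC
        mov     rax, gs:[TEB64_PEB]                     ; rax = PEB
        mov     rax, [rax + PEB64_LDR]                  ; rax = PEB->Ldr
        mov     rax, [rax + LDR64_INMEMORYORDER_LIST]   ; 1st entry: main image
        mov     rax, [rax]                              ; 2nd entry: ntdll
        mov     rax, [rax]                              ; 3rd entry: kernel32 (assumed)
        mov     rax, [rax + ENTRY64_DLLBASE]            ; rax = kernel32 base
        ret
GetKernel32Base64 ENDP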