@WKL-Sec
Created February 27, 2024 20:22
Retrieves the base address of kernel32.dll using x64 assembly in C++
#include <iostream>
#include <windows.h>
// Returns the DllBase field of the third entry in the current process's
// loader module list, read straight out of the PEB with inline assembly and
// without calling any Win32 API.
//
// Walk performed (offsets are the x64 Windows structure layouts):
//   gs:[0x60]              -> PEB pointer stored in the TEB
//   PEB + 0x18             -> PEB.Ldr (PEB_LDR_DATA*)
//   Ldr + 0x20             -> InMemoryOrderModuleList.Flink (first entry)
//   two more Flink hops    -> third entry
//   entry link + 0x20      -> LDR_DATA_TABLE_ENTRY.DllBase (link sits at +0x10,
//                             DllBase at +0x30)
//
// NOTE(review): the result is kernel32.dll only if the third in-memory-order
// entry happens to be kernel32.dll. The usual order is process image, ntdll.dll,
// kernel32.dll, but nothing here compares the module name, so treat the
// function name as an assumption rather than a guarantee.
// NOTE(review): no pointer is checked before it is dereferenced, and the
// offsets are loader internals rather than a documented contract. The
// supported way to obtain this value is GetModuleHandleW(L"kernel32.dll").
// NOTE(review): Microsoft's compiler does not support __asm when targeting
// x64, so this listing does not build with cl.exe for x64 as written.
// NOTE(review): RBX, RSI and RDI are nonvolatile in the Windows x64 calling
// convention; whether they are saved and restored around this block depends on
// the compiler's handling of inline-asm clobbers - confirm.
//
// Detection note: resolving a module base through the PEB instead of the
// loader API is a pattern commonly seen in shellcode and API-hiding loaders.
// The offsets are built from partial sums (0x10+0x50, 0x10+0x8, 0x10+0x10), so
// the well-known constants never appear as literals; rules should key on the
// gs-relative read followed by the list traversal, not on a literal 0x60.
void* GetBaseAddressOfKernel32() {
void* kernel32BaseAddress = nullptr;
__asm {
mov rdi, 0xFFFFFFFFFFFFFFFF // RDI = all ones (-1)
inc rdi // RDI wraps to 0; RDI is not read again in this block
mov rax, 0 // RAX = 0, base for the offset arithmetic below
lea rsi, [rax + 10h] // RSI = 0x10
add rsi, 50h // RSI = 0x60, the TEB offset of the PEB pointer on x64
mov rbx, gs:[rsi] // RBX = PEB (read from gs:[0x60])
lea rsi, [rbx + 10h + 8h] // RSI = PEB + 0x18, the address of PEB.Ldr
mov rbx, [rsi] // RBX = PEB.Ldr (PEB_LDR_DATA*)
lea rsi, [rbx + 10h + 10h] // RSI = Ldr + 0x20: InMemoryOrderModuleList (InLoadOrderModuleList is at +0x10)
mov rbx, [rsi] // RBX = list head Flink = first entry (normally the process image)
mov rbx, [rbx] // RBX = second entry (normally ntdll.dll)
mov rbx, [rbx] // RBX = third entry (assumed to be kernel32.dll; not verified)
lea rsi, [rbx + 10h + 10h] // RSI = entry link + 0x20 = LDR_DATA_TABLE_ENTRY + 0x30 (DllBase)
mov rbx, [rsi] // RBX = DllBase of that entry
mov rax, rbx // Copy the value to RAX
mov kernel32BaseAddress, rax // Store it in the C++ local
}
return kernel32BaseAddress;
}
// Demo driver: resolves the address once and prints it to stdout.
int main() {
    // The pointer is only displayed, never dereferenced, so hold it as const.
    const void* const resolvedBase = GetBaseAddressOfKernel32();

    std::cout << "Base Address of kernel32.dll: ";
    std::cout << resolvedBase << std::endl;

    return 0;
}