the following code segment is supposed to walk the InInitializationOrderModuleList inside the PEB and return the base address of kernel32.dll. However, when I try to Console assemble and link the following code I get the error stating that there is a missing operator in expression.
.486
option casemap :none
include \masm32\include\masm32rt.inc
.code
start:
call main
exit
main proc
mov eax, large fs:30h
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov eax, [eax+8]
print str$(eax)
ret
main endp
end start
So, I changed the line as :-
mov eax, fs:30h
and the error I get is error A2108: Use of register assumed to ERROR. What am I doing wrong?
Just figured out, adding assume fs:nothing solves the problem.