Unknown

1. DWORD _kernel32base()
2. {
3.     DWORD *base;
4.     base = NULL;
5.     __asm
6.     {
7.         MOV ESI, [FS:0x30] //PEB base
8.         MOV ESI, [ESI + 0x0C] //PEB->Ldr
9.         MOV ESI, [ESI + 0x1C] //PEB->Ldr.InInitOrder
10. _kernel32base_next_module:
11.         MOV EBP, [ESI + 0x08] //InInitOrder.base_address
12.         MOV EDI, [ESI + 0x20] //InInitOrder.module_name
13.         MOV ESI, [ESI] //InInitOrder.flink (next module)
14.         CMP [EDI + 12*2], 0 //module_name[12] == 0? (unicode)
15.         JNE _kernel32base_next_module
16.         MOV base, EBP
17.     }
18.     return (DWORD)base;
19. }