locate the base address in a 32-bit process of NTDLL (Use inline assembly or straight assembly (demod in class), load the value of NTDLL base into memory or a register)

The goal of part 1 is to locate the base address (i.e. image base) of NTDLL. To do this, we will utilize the FS register and a structure called the Process Environment Block (PEB). You can find more information about the PEB structure on MSDN: https://msdn.microsoft.com/en-us/library/windows/desktop/aa813706(v=vs.85).aspx.

Use inline assembly or straight assembly (demod in class), load the value of NTDLL base into memory or a register, and print the value as proof that you were successful. For example:

(#] Found NT DLL Base at 0x776b0000