;;=============================================================================
; x64 (MASM / ml64) assembly examples built with Visual Studio.
; Microsoft x64 calling convention throughout: integer args in rcx, rdx, r8, r9;
; result in rax; rbx, rbp, rsi, rdi, r12-r15 are callee-saved. Everything lives
; in the flat `.code` segment -- there is no data section in this file.
;;=============================================================================
.code
; void _break();
; Raise a software breakpoint (INT 3) and return to the caller.
; Touches no general-purpose register; only rsp/rip change. With no debugger
; attached the breakpoint exception is delivered to the process instead --
; NOTE(review): confirm callers only use this under a debugger.
_break PROC
int 3 ; single-byte breakpoint trap
ret
_break ENDP
; ULONG64 sum64(ULONG64 a, ULONG64 b, ULONG64 c, ULONG64 d)
; Microsoft x64 ABI: a=rcx, b=rdx, c=r8, d=r9 -> result in rax.
; Returns a+b+c+d as an unsigned 64-bit sum with silent wraparound: the carry
; from each `add` is never inspected. Leaf function, no stack use.
; Clobbers: rax, flags.
sum64 proc
xor rax, rax ; rax = 0 (zeroing idiom)
add rax, rcx
add rax, rdx
add rax, r8
add rax, r9 ; flags reflect the last addition only
ret
sum64 endp
; trampolines in x64 env
; void trampoline()
; Absolute indirect jump: load a 64-bit immediate target into rax and `jmp rax`.
; This mov-imm64/jmp-reg pair is the usual x64 hook stub when the target may be
; further than +/-2 GiB away (out of reach of a rel32 jmp). Control never
; comes back here: no return address is pushed, so the target returns to
; trampoline's caller with rax already clobbered.
; The target below is a placeholder. 0abcdabcdffff0000h is not a canonical
; address (bits 63:48 do not sign-extend bit 47), so executing this as-is
; faults with #GP -- patch in a real address before use.
; NOTE(review): where CET/IBT is enforced, an indirect jmp target must begin
; with endbr64; confirm for the real target.
trampoline proc
mov rax, 0abcdabcdffff0000h ; imm64 target (placeholder)
jmp rax ; transfer control; nothing is pushed
trampoline endp
; direct jump
; ULONG64 direct_jump(): demonstrates a direct (rip-relative displacement)
; near jump. Returns 01000h in rax. rbx is callee-saved in the Microsoft x64
; ABI, so it is pushed/popped around its use. The `mov rbx, 0` after the jmp
; is dead code, kept to show the bytes the jump skips.
; `_stop` is also defined in indirect_jump; this assembles because MASM scopes
; `label:` code labels to the enclosing PROC by default (OPTION SCOPED).
; NOTE(review): no FRAME/.pushreg unwind info is emitted for the push below;
; harmless here since nothing in the body can raise an exception.
direct_jump proc
push rbx ; save callee-saved rbx
xor rbx, rbx
jmp _stop ; direct near jump (pc-relative)
mov rbx, 0 ; never executed: skipped by the jmp above
_stop:
mov rbx, 01000h
mov rax, rbx ; return value = 01000h
pop rbx ; restore rbx
ret
direct_jump endp
; indirect jump
; ULONG64 indirect_jump(): same observable result as direct_jump (rax = 01000h,
; rbx preserved), but control is transferred through a register.
; `mov rbx, offset _stop` loads the absolute 64-bit address of _stop as an
; imm64, so the image presumably carries an absolute relocation for it;
; `lea rbx, _stop` would be the RIP-relative, relocation-free alternative.
; The `mov rbx, 0` after the jmp is dead code kept for illustration.
; NOTE(review): under CET/IBT enforcement `jmp rbx` would require an endbr64
; at `_stop`; confirm the build/runtime policy if this is reused in real code.
indirect_jump proc
push rbx ; save callee-saved rbx
xor rbx, rbx
mov rbx, offset _stop ; absolute address of the label, as imm64
jmp rbx ; register-indirect near jump
mov rbx, 0 ; never executed: skipped by the jmp above
_stop:
mov rbx, 01000h
mov rax, rbx ; return value = 01000h
pop rbx ; restore rbx
ret
indirect_jump endp
; push, move rsp+4, ret
; void push_mov_ret(): rebuilds the 64-bit address of sum64 on the stack in two
; 32-bit halves -- push the low dword (zero-extended, since `push rbx` pushes a
; full qword), then overwrite the high dword at [rsp+4] -- and pops it back.
; This is the `push low32 / mov dword ptr [rsp+4], high32 / ret` trampoline
; idiom, BUT as written control is never transferred: the reconstructed
; address is popped into rbx and immediately overwritten by the restoring pop,
; so the function has no observable effect beyond clobbering flags. For a real
; trampoline the reconstructed qword would have to be consumed by `ret`
; (after the restores), not by `pop rbx` -- presumably left out on purpose
; as a demo; see push_mov_ret2.
; rdx is caller-saved in the Microsoft x64 ABI, so its push/pop is unnecessary
; (harmless); rbx is callee-saved, so its save/restore is required.
; NOTE(review): if a `ret` into a reconstructed address is ever enabled, a
; process running with user-mode shadow stacks (CET) will fault on the
; return-address mismatch.
push_mov_ret proc
push rdx ; not needed (volatile register), kept as-is
push rbx ; save callee-saved rbx
mov rdx, 000000000ffffffffh ; mask: low dword
mov rbx, sum64 ; address of sum64 (MASM: code label -> immediate)
and rbx, rdx ; rbx = low32(sum64)
push rbx ; [rsp] = qword, high dword currently 0
mov rdx, 0ffffffff00000000h ; mask: high dword
mov rbx, sum64
and rbx, rdx
shr rbx, 20h ; rbx = high32(sum64)
mov [rsp+4], ebx ; patch high dword: [rsp] now holds the full sum64 address
pop rbx ; rbx == sum64 -- value is discarded by the next pop
pop rbx ; restore rbx
pop rdx
ret
push_mov_ret endp
; void push_mov_ret2();
; jump 0xaabbccdd11223344
; Intended to jump to 0aabbccdd11223344h using the push/mov/ret trampoline.
; Both trampoline instructions are commented out, so the function currently
; does nothing but return to its caller.
; If re-enabled: `push imm32` sign-extends to a qword, and the following dword
; store to [rsp+4] replaces the (possibly sign-extended) high half, so the
; idiom is correct for any low dword. The target itself is a placeholder and
; is not a canonical address (bits 63:48 do not sign-extend bit 47), so the
; `ret` would fault with #GP -- replace it before use.
; NOTE(review): a `ret` to a hand-built stack slot also trips CET user-mode
; shadow stacks where they are enabled.
push_mov_ret2 proc
;push 011223344h ; (disabled) low dword, sign-extended onto the stack
;mov dword ptr [rsp+4], 0aabbccddh ; (disabled) patch high dword -> [rsp] = target
ret ; returns to the caller; with the two lines above it would ret into the target
push_mov_ret2 endp
end