wacked
/
blog
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commit
1 Ramo (Branch)
Albero (Tree): 116c03eb24
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '116c03eb24'
${ noResults }
blog/content/projects/syscall64.md

syscall64.md 2.2KB
Originale Normal View Cronologia

syscall64
5 anni fa
add real syscall64 src
5 anni fa
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. ---

  2. title: "Syscall64"

  3. description: "Doing direct syscalls on all platforms"

  4. draft: false

  5. ---

  6. 

  7. A slightly hacky way (C macros) to do direct syscalls on either x86 or x64 windows,

  8. without any code change.

  9. 

  10. http://vcs.wacked.codes/wacked/syscall64

  11. 

  12. Use with this:

  13. ```

  14. ;http://blogs.msdn.com/b/oldnewthing/archive/2004/01/14/58579.aspx

  15. format ms coff

  16. 

  17. include 'u:\fasm\INCLUDE\win32wx.inc'

  18. public _syscall64

  19. section '.text' code readable executable

  20. 

  21. ; Converts the arguments and then executes SYSCALL

  22. ; 1. Param: Count of args to pass to syscall

  23. ; 2. Param: Syscall id

  24. ; 3. - X. Param: Params for syscall

  25. _syscall64:

  26.         ; Those registers are pushed here so that the LEAVE instr cleans up the converted params without me needing to

  27.         ; calc how much space those needed. Seriously what's 4*3 again?

  28.         push edi

  29.         push ebx

  30.         push edx ; used by the x64 code

  31.         

  32.         push ebp

  33.         mov ebp, esp

  34.         

  35.         ; Alloc space for params

  36.         mov ecx, [ebp + 4*3 + 0x08] ; cnt

  37.         cmp ecx, 4 ; Reserve shadow space

  38.         jge @f

  39.         mov ecx, 4

  40. @@:

  41.         shl ecx, 3

  42.         sub esp, ecx

  43.         

  44.         and esp, 0xFFFFFFF0 ; Align stack

  45.         

  46.         ; Convert params to x64

  47.         mov edi, esp ; Destination

  48.         mov ecx, [ebp + 4*3 + 0x08] ; Count

  49.         lea ebx, [ebp + 4*3 + 0x10] ; Source for params

  50. CONVERT_PARAMS_LOOP:    

  51.         test ecx, ecx

  52.         je @f

  53.         

  54.         mov eax, [ebx]

  55.         stosd ; mov dword[edi], dword[eax] edi += 4

  56.         mov eax, 0

  57.         stosd ; [edi] = 0 edi += 4

  58.         add ebx, 4 ; srcPtr++

  59.         dec ecx    ; cnt--

  60.         jmp CONVERT_PARAMS_LOOP

  61.         

  62. @@:     

  63.         ;mov eax, [ebp + 4*3 + 0x0C] ; Get syscall id

  64.         call 0x33:X64_START

  65. X86_RETURN_FROM_X64:    

  66.         leave

  67.         pop edx

  68.         pop ebx

  69.         pop edi

  70.         ret

  71.                         

  72. ;align 16       

  73. X64_START:

  74. use64

  75.         mov eax, dword [ebp + 0x18] ; Get syscall id (4*3 = saved registers, )

  76.         ; Get args from shadow space

  77.         mov rcx, [rsp + 8]

  78.         mov rdx , [rsp + 0x10]

  79.         mov r8, [rsp + 0x18]

  80.         mov r9, [rsp + 0x20]

  81.         

  82.         mov     r10,rcx

  83.         syscall

  84. use32 

  85.         retf

  86. ```