
  1. ---
  2. title: "Syscall64"
description: "Doing direct NT syscalls from x86 (WoW64) and x64 Windows builds"
  4. date: 2019-11-10T00:00:00+01:00
  5. draft: false
  6. ---
A slightly hacky way (C macros) to make direct NT syscalls from either an x86 or an x64 Windows build without changing the calling code. The x86 build relies on WoW64: the stub below far-calls into the 64-bit code segment (selector 0x33) and executes `syscall` there, so it does not work on 32-bit Windows, and the syscall numbers you pass in must match the kernel build you are running on.
  9. http://vcs.wacked.codes/wacked/syscall64
Link the macros against this fasm stub (assembled as a 32-bit MS COFF object):
  11. ```
;http://blogs.msdn.com/b/oldnewthing/archive/2004/01/14/58579.aspx
; Flat assembler (fasm), Intel syntax. Built as a 32-bit MS COFF object: the
; 32-bit entry point below performs the switch to 64-bit mode itself.
format ms coff
; NOTE(review): absolute drive path to the fasm include directory; adjust to
; the local install.
include 'u:\fasm\INCLUDE\win32wx.inc'
; Exported for the C side (cdecl-style: the stub returns with a plain RET and
; the caller removes the arguments).
public _syscall64
section '.text' code readable executable
  17. ; Converts the arguments and then executes SYSCALL
  18. ; 1. Param: Count of args to pass to syscall
  19. ; 2. Param: Syscall id
  20. ; 3. - X. Param: Params for syscall
  21. _syscall64:
  22. ; Those registers are pushed here so that the LEAVE instr cleans up the converted params without me needing to
  23. ; calc how much space those needed. Seriously what's 4*3 again?
  24. push edi
  25. push ebx
  26. push edx ; used by the x64 code
  27. push ebp
  28. mov ebp, esp
  29. ; Alloc space for params
  30. mov ecx, [ebp + 4*3 + 0x08] ; cnt
  31. cmp ecx, 4 ; Reserve shadow space
  32. jge @f
  33. mov ecx, 4
  34. @@:
  35. shl ecx, 3
  36. sub esp, ecx
  37. and esp, 0xFFFFFFF0 ; Align stack
  38. ; Convert params to x64
  39. mov edi, esp ; Destination
  40. mov ecx, [ebp + 4*3 + 0x08] ; Count
  41. lea ebx, [ebp + 4*3 + 0x10] ; Source for params
  42. CONVERT_PARAMS_LOOP:
  43. test ecx, ecx
  44. je @f
  45. mov eax, [ebx]
  46. stosd ; mov dword[edi], dword[eax] edi += 4
  47. mov eax, 0
  48. stosd ; [edi] = 0 edi += 4
  49. add ebx, 4 ; srcPtr++
  50. dec ecx ; cnt--
  51. jmp CONVERT_PARAMS_LOOP
  52. @@:
  53. ;mov eax, [ebp + 4*3 + 0x0C] ; Get syscall id
  54. call 0x33:X64_START
  55. X86_RETURN_FROM_X64:
  56. leave
  57. pop edx
  58. pop ebx
  59. pop edi
  60. ret
  61. ;align 16
  62. X64_START:
  63. use64
  64. mov eax, dword [ebp + 0x18] ; Get syscall id (4*3 = saved registers, )
  65. ; Get args from shadow space
  66. mov rcx, [rsp + 8]
  67. mov rdx , [rsp + 0x10]
  68. mov r8, [rsp + 0x18]
  69. mov r9, [rsp + 0x20]
  70. mov r10,rcx
  71. syscall
  72. use32
  73. retf
  74. ```