test case rip relative

README.md

 
 Test case: RIP relative
 =======================
+One of the new things in AMD64 is RIP relative addressing. I guess the reason
+to include it was to make it easier to generate PIC -- all references to data
+can now be made relative, instead of absolute. So it doesn't matter anymore
+where the program is loaded into memory and there's less need for the
+relocation table.
+
+A quick and dirty[1] test for this is re-implementing the well known C rand
+function.
+```ASM
+public _rip_relative
+_rip_relative:
+	mov rax, qword[seed]
+	mov ecx, 214013
+	mul ecx
+	add eax, 2531011
+	mov [seed], eax
+
+	shr eax, 16
+	and eax, 0x7FFF
+	ret
+
+seed dd 1
+```
 
-XXX TODO XXX
+The very first instruction uses rip relative addressing, thus it needs to be
+fixed in the trampoline.
 
 Test case: AVX & RDRAND
 =======================
 |  PolyHook|  X  |   X  |      X     | X |      |    |       |
 |   MinHook|  X  |   X  |      X     |   |      |    |   X   |
 |     MHook|     |      |      X     |   |      |    |       |
-+----------+-----+------+------------+---+------+----+-------+
++----------+-----+------+------------+---+------+----+-------+
+
+[1] This is one of the things that could easily be improved, but haven't been
+because I just couldn't motivate myself. Putting the data right after the func
+meant that a section containing code needed to be writable. Which is bad. Also
+I load the seed DWORD as a QWORD -- which only works because the upper half is
+then thrown away by the multiplication. It's shitty code is what I'm saying.
+
+In retrospect I should have used a jump table like a switch-case could be
+compiled into. That would be read only data. Oh well.