flat assembler
Message board for the users of flat assembler.

Compiler Internals: [BUG?] mov r10 , [gs:30h] instruction

ziral2088 31 Mar 2010, 14:39
Code:
; display_hexcimal: display num as a 32-bit hex value at assembly time;
; leading zeros are suppressed unless a second argument is given
macro   display_hexcimal num,zero_display
{
        local   x,y,c,bool
        x     = num
        c       =       7
        if      zero_display eq
                bool    =0
        else
                bool    =1
        end     if
        display '0x'
repeat  8
        y       =       x shr (c shl 2)         ; select nibble c (most significant first)
        y       =       y and 0x0000000F
        c       =       c-1

        if      y < 10                          ; convert the nibble to an ASCII digit
                y = y+'0'
        else
                y = y+'A'-10
        end     if

        if     (bool = 0)                       ; still skipping leading zeros
               if      (%=8)                    ; the last nibble is always shown
                        display   y
               else if (y <> '0')
                       bool   =  1
                       display y
               end     if
        else
              display y
        end     if
end     repeat
}
;*********************************************
; displayx: a string argument is displayed as-is, a numeric one as hex
macro displayx  x
{     if   x    eqtype  ''
           display      x
      else
           display_hexcimal   x
      end  if
}
;*********************************************
; variadic displayx: display every argument, then a newline
macro   displayx  [x]
{
        displayx  x
        common  display 13,10
}

format PE64 GUI 5.0
entry start

use64
section '.text' code readable executable
start:
    sub rsp , 8                   ;if remove this instruction then get in .tt -> 0x158B4C65 0xFFBFF028
    ; assemble the instruction at address 0 and read back its first 8 encoded bytes
    virtual at 0
        mov  r10 , [gs:30h]       ;got 0x158B4C65 0x28
        nop
        nop
        nop
        nop
        load a dword from 0
        load b dword from 0+4
    end virtual
    displayx a , ' ' , b
    ; the same instruction assembled at its real address inside .text
.tt:mov   r10 , [gs:30h]          ;0x158B4C65 0xFFBFF024 or if "sub rsp,8" will be removed then -> 0x158B4C65 0xFFBFF028
    nop
    nop
    nop
    nop
    load a2 dword from .tt
    load b2 dword from .tt+4
    displayx a2 , ' ' , b2


Maybe I need to sleep...
revolution 31 Mar 2010, 15:10
Remember that in 64-bit mode addresses are RIP relative by default.

Use:
Code:
mov r10,[gs:dword 30h]    
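A worked decoding of the bytes reported in the thread, added here as an example (Python, not fasm, and not code from either poster): it encodes `mov r10,[gs:30h]` both ways, shows why the RIP-relative displacement depends on where the instruction is assembled while the `[gs:dword 30h]` form does not, and recovers the effective address from the bytes. The addresses 0x401000 and 0x401004 are assumptions consistent with the displacements in the post (default PE64 image base 0x400000, first section at RVA 0x1000, `sub rsp,8` occupying 4 bytes).

```python
from typing import Optional

GS_PREFIX = 0x65     # segment override prefix: gs
REX_WR = 0x4C        # REX.W (64-bit operand) | REX.R (reg field extended: r10)
OPCODE = 0x8B        # mov r64, r/m64


def encode_mov_r10_gs(disp: int, at: Optional[int]) -> bytes:
    """Encode `mov r10,[gs:disp]`.  at=None: absolute disp32 through a SIB byte
    (what `[gs:dword 30h]` selects); otherwise RIP-relative, assembled at address `at`."""
    if at is None:
        # ModRM 14h = mod 00, reg 010, rm 100 (SIB follows); SIB 25h = no index, no base -> plain disp32
        return bytes([GS_PREFIX, REX_WR, OPCODE, 0x14, 0x25]) + (disp & 0xFFFFFFFF).to_bytes(4, "little")
    # ModRM 15h = mod 00, reg 010, rm 101: in 64-bit mode this means [RIP + disp32]
    head = bytes([GS_PREFIX, REX_WR, OPCODE, 0x15])
    next_rip = at + len(head) + 4            # RIP points past the whole 8-byte instruction
    return head + ((disp - next_rip) & 0xFFFFFFFF).to_bytes(4, "little")


def decode(insn: bytes, at: int) -> dict:
    """Return the addressing mode and the effective address read, given the instruction's address."""
    if insn[:3] != bytes([GS_PREFIX, REX_WR, OPCODE]):
        raise ValueError("not mov r10,[gs:...]")
    mod, rm = insn[3] >> 6, insn[3] & 7
    if mod == 0 and rm == 5:                                   # RIP-relative
        disp = int.from_bytes(insn[4:8], "little", signed=True)
        return {"mode": "rip-relative", "ea": (at + 8 + disp) & (2**64 - 1)}
    if mod == 0 and rm == 4 and insn[4] == 0x25:               # SIB, absolute disp32
        disp = int.from_bytes(insn[5:9], "little", signed=True)
        return {"mode": "absolute", "ea": disp & (2**64 - 1)}
    raise ValueError("unexpected ModRM/SIB")


def as_dwords(insn: bytes) -> tuple:
    """Mimic the post's `load a dword from ...` / `load b dword from ...+4` view of the bytes."""
    return int.from_bytes(insn[:4], "little"), int.from_bytes(insn[4:8], "little")


if __name__ == "__main__":
    # Assumed addresses: image base 0x400000, .text at RVA 0x1000, `sub rsp,8` is 4 bytes.
    for where in (0, 0x401000, 0x401004):
        a, b = as_dwords(encode_mov_r10_gs(0x30, where))
        print(f"assembled at {where:#x}: {a:#x} {b:#x}")
    print("absolute form:", encode_mov_r10_gs(0x30, None).hex())
```

Interpreting the RIP-relative bytes at any address other than the one they were assembled for yields a different effective address, which is why the same source line produced different dwords in the `virtual` block and at `.tt`.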
ziral2088 31 Mar 2010, 15:20
revolution wrote:
Remember that in 64-bit mode addresses are RIP relative by default.

Use:
Code:
mov r10,[gs:dword 30h]    


great thxs!

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
