flat assembler
Message board for the users of flat assembler.
Index
> Windows > how recognize mode of processor x64 |
Author |
|
comrade 27 Feb 2013, 19:57
If you're running a 32-bit program (Wow64), then you're in 32-bit.
If you're running a 64-bit program, then you are in long mode. That is, you force the OS to put the CPU in whatever mode by running a program requiring that mode. There is really nothing to detect? Am I understanding you correctly? |
|||
27 Feb 2013, 19:57 |
|
LocoDelAssembly 27 Feb 2013, 23:06
Like comrade said, however, if you actually intended to post your question in Main forum or your code runs in an unknown context, then:
Code: use64 xor eax, eax mov rax, rax ; in 32-bit mode this is DEC EAX | MOV EAX, EAX jnz .32_bit .64_bit: use32 .32_bit: |
|||
27 Feb 2013, 23:06 |
|
comrade 28 Feb 2013, 10:01
hah, i wonder if melvin is coding an exploit
|
|||
28 Feb 2013, 10:01 |
|
MazeGen 28 Feb 2013, 10:30
If it is an exploit, it should use trickier code
Code: use64 xor eax, eax DB 48h ; DEC EAX in 32-bit mode, otherwise REX.W swallowed by JNZ jnz .32_bit .64_bit: use32 .32_bit: |
|||
28 Feb 2013, 10:30 |
|
melvin 28 Feb 2013, 21:09
No I am not coding exploit
Thanks for replies. Your code is great. I would never thought to do it that way. But I want to recognize mode without executing any code. It is because I write x64 debugger for both 32 and 64 bit application. If breakpoint is hit on api function I want to know what is the size of the return address. In wow64 process there are dlls both x64 and x86. I suppose that these 64 bit dll is executing in long mode. For instance C:\Windows\SYSTEM32\ntdll.dll. |
|||
28 Feb 2013, 21:09 |
|
comrade 01 Mar 2013, 07:46
melvin wrote: It is because I write x64 debugger for both 32 and 64 bit application. If breakpoint is hit on api function I want to know what is the size of the return address. Wow64 emulates the debugging APIs (DebugActiveProcess etc) such that you can use a 32-bit debugger on a 64-bit machine, with the intention of debugging a 32-bit program. You will run into many difficulties by having a 64-bit process debugging a 32-bit Wow64 process. And again, if you have attached to a particular process, you can query whether it is 32-bit or 64-bit by calling IsWow64Process. |
|||
01 Mar 2013, 07:46 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.