Thread: CodeCave in x64
View Single Post
  #2  
Old 03-31-2023, 02:20
chessgod101's Avatar
chessgod101 chessgod101 is offline
Co-Administrator
  
Join Date: Jan 2011
Location: United States
Posts: 539
Rept. Given: 2,242
Rept. Rcvd 704 Times in 224 Posts
Thanks Given: 754
Thanks Rcvd at 1,021 Times in 191 Posts
chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899
Quote:
Should I have to PUSH all registers and pop them off in x64?
Yes. PUSHAD is not supported in x64, unfortunately. However, you could simply PUSH only the registers you are using in your cave to minimize size depending on your requirements.

Intel x86/x64 assembly reference:
Code:
https://cdrdv2-public.intel.com/774494/325462-sdm-vol-1-2abcd-3abcd.pdf
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
Reply With Quote
The Following 2 Users Say Thank You to chessgod101 For This Useful Post:
niculaita (04-01-2023), tonyweb (04-19-2023)