Exetools  

Go Back   Exetools > General > x64 OS
Reload this Page CodeCave in x64
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 03-31-2023, 02:20
chessgod101's Avatar
chessgod101 chessgod101 is offline
Co-Administrator
  
Join Date: Jan 2011
Location: United States
Posts: 539
Rept. Given: 2,242
Rept. Rcvd 704 Times in 224 Posts
Thanks Given: 754
Thanks Rcvd at 1,021 Times in 191 Posts
chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899 chessgod101 Reputation: 700-899
Quote:
Should I have to PUSH all registers and pop them off in x64?
Yes. PUSHAD is not supported in x64, unfortunately. However, you could simply PUSH only the registers you are using in your cave to minimize size depending on your requirements.

Intel x86/x64 assembly reference:
Code:
https://cdrdv2-public.intel.com/774494/325462-sdm-vol-1-2abcd-3abcd.pdf
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
Reply With Quote
The Following 2 Users Say Thank You to chessgod101 For This Useful Post:
niculaita (04-01-2023), tonyweb (04-19-2023)
  #2  
Old 03-31-2023, 10:32
RAMPage RAMPage is offline
Friend
  
Join Date: Mar 2023
Posts: 44
Rept. Given: 3
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 55
Thanks Rcvd at 23 Times in 12 Posts
RAMPage Reputation: 1
Thanks @chessgod101 for your reply. So I have to try this but , reading some of intel arch manual,

PUSH RAX-R15 > PUSHAD
PUSHFQ > PUSHFD
<<Shellcode>>
POP RAX - R15
POPFQ

?

Where can I start learning Assembly and coding by practice?

And always, Thanks.
Reply With Quote
  #3  
Old 03-31-2023, 14:47
blue_devil's Avatar
blue_devil blue_devil is offline
Family
  
Join Date: Dec 2011
Location: Observable Universe
Posts: 538
Rept. Given: 110
Rept. Rcvd 73 Times in 46 Posts
Thanks Given: 688
Thanks Rcvd at 895 Times in 297 Posts
blue_devil Reputation: 73
Quote:
Originally Posted by RAMPage View Post
<snipped>

Where can I start learning Assembly and coding by practice?

And always, Thanks.
RAMPage, if you are new or 0 to INTEL's x86 architecture assembly, I can suggest you this book:

Quote:
http://www.egr.unlv.edu/~ed/assembly64.pdf
This is an ebook, and didn't published. And It covers 64bit architecture, pretty updated!
Reply With Quote
The Following 2 Users Say Thank You to blue_devil For This Useful Post:
Artic (06-28-2023), RAMPage (03-31-2023)
  #4  
Old 03-31-2023, 19:01
RAMPage RAMPage is offline
Friend
  
Join Date: Mar 2023
Posts: 44
Rept. Given: 3
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 55
Thanks Rcvd at 23 Times in 12 Posts
RAMPage Reputation: 1
Quote:
Originally Posted by blue_devil View Post
RAMPage, if you are new or 0 to INTEL's x86 architecture assembly, I can suggest you this book:



This is an ebook, and didn't published. And It covers 64bit architecture, pretty updated!
Thanks for sharing, I will have fun with this when I have some free time, Im in the need of putting my knowledge at practice, and this book im seeing it has quizes , so I appreciate it.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT +8. The time now is 14:17.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )