I've been trying to access the peb information of an executable as seen here: Access x64 TEB C++ & Assembly
我一直在尝试访问可执行文件的peb信息,如下所示:访问x64 TEB C ++和汇编
The code works only in AT&T syntax for some odd reason but when I try to use Intel syntax, it fails to give the same value. There's of course an error on my part. So I'm asking..
由于某些奇怪的原因,代码仅在AT&T语法中起作用,但是当我尝试使用Intel语法时,它无法给出相同的值。我当然有错误。所以我问......
How can I convert:
我怎样才能转换:
int main()
{
void* ptr = 0; //0x7fff5c4ff3c0
asm volatile
(
"movq %%gs:0x30, %%rax\n\t"
"movq 0x60(%%rax), %%rax\n\t"
"movq 0x18(%%rax), %%rax\n\t"
"movq %%rax, %0\n"
: "=r" (ptr) ::
);
}
to Intel Syntax?
英特尔语法?
I tried:
asm volatile
(
"movq rax, gs:[0x30]\n\t"
"movq rax, [rax + 0x60]\n\t"
"movq rax, [rax + 0x18]\n\t"
"movq rax, %0\n"
: "=r" (ptr) ::
);
and:
asm volatile
(
"mov rax, QWORD PTR gs:[0x30]\n\t"
"mov rax, QWORD PTR [rax + 0x60]\n\t"
"mov rax, QWORD PTR [rax + 0x18]\n\t"
"movq rax, %0\n" //mov rax, QWORD PTR [%0]\n
: "=r" (ptr) ::
);
They do not print the same value as the AT&T syntax: 0x7fff5c4ff3c0
它们不会打印与AT&T语法相同的值:0x7fff5c4ff3c0
Any ideas?
1 个解决方案
#1
4
You forgot to reverse operand order on the last line. That said, the only instruction you need to have in asm is the first one due to the gs segment override, the rest could be done in C.
你忘了在最后一行反转操作数顺序。也就是说,你需要在asm中拥有的唯一指令是由于gs段覆盖而导致的第一个指令,其余的指令可以在C中完成。
#1
4
You forgot to reverse operand order on the last line. That said, the only instruction you need to have in asm is the first one due to the gs segment override, the rest could be done in C.
你忘了在最后一行反转操作数顺序。也就是说,你需要在asm中拥有的唯一指令是由于gs段覆盖而导致的第一个指令,其余的指令可以在C中完成。