问题描述
我一直在试图访问一个可执行的PEB信息在这里看到:<一href=\"http://stackoverflow.com/questions/21973330/access-x64-teb-c-assembly?noredirect=1#comment33297329_21973330\">Access 64 TEB C ++&放大器;大会
I've been trying to access the peb information of an executable as seen here: Access x64 TEB C++ & Assembly
在code只能在AT&放大器;一些奇怪的原因T语法,但是当我尝试使用Intel语法,它不能给出相同的价值。当然有我的一部分错误。所以我问。
The code works only in AT&T syntax for some odd reason but when I try to use Intel syntax, it fails to give the same value. There's of course an error on my part. So I'm asking..
我怎么能转换:
int main()
{
void* ptr = 0; //0x7fff5c4ff3c0
asm volatile
(
"movq %%gs:0x30, %%rax\n\t"
"movq 0x60(%%rax), %%rax\n\t"
"movq 0x18(%%rax), %%rax\n\t"
"movq %%rax, %0\n"
: "=r" (ptr) ::
);
}
英特尔语法?
我试过:
asm volatile
(
"movq rax, gs:[0x30]\n\t"
"movq rax, [rax + 0x60]\n\t"
"movq rax, [rax + 0x18]\n\t"
"movq rax, %0\n"
: "=r" (ptr) ::
);
和
asm volatile
(
"mov rax, QWORD PTR gs:[0x30]\n\t"
"mov rax, QWORD PTR [rax + 0x60]\n\t"
"mov rax, QWORD PTR [rax + 0x18]\n\t"
"movq rax, %0\n" //mov rax, QWORD PTR [%0]\n
: "=r" (ptr) ::
);
他们不打印相同的值作为AT&amp; T公司语法: 0x7fff5c4ff3c0
任何想法?
推荐答案
您忘了逆转的最后一行操作顺序。你需要在ASM中说,唯一的指令是第一个因 GS
段覆盖,其余的可以用C来完成。
You forgot to reverse operand order on the last line. That said, the only instruction you need to have in asm is the first one due to the gs
segment override, the rest could be done in C.
这篇关于转换AT&amp; T公司的语法英特尔语法(ASM)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!