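Also, you can use a long jump, so there is no need to touch eax.

```
byte[] jmp_inst =
{
    /*
    0x50,                                               //push rax
    0x48,0xB8,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,  //mov rax,target_addr
    0x50,                                               //push rax
    0x48,0x8B,0x44,0x24,0x08,                           //mov rax,qword ptr ss:[rsp+8]
    0xC2,0x08,0x00                                      //ret 8
    */
    0xff,0x25,0x00,0x00,0x00,0x00,                      //jmp qword ptr [rip+0]
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00             //target_addr (absolute, 8 bytes)
};
```

Write the absolute address into the last 8 bytes.

I see your code uses the 0xe9 jump. On 64-bit it can happen that the jump cannot reach its target, because the e9 jump only supports 4 bytes. I suggest replacing all of them with the 14-byte long jump.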
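The reach limit described in the issue above can be checked before a patch is written. The following C sketch is an added example, not code from the issue or from the project: `encode_jump` and `decode_jump` are hypothetical names and the addresses are constructed. It emits the 5-byte `E9 rel32` form only when the displacement fits in a signed 32-bit value, falls back to the 14-byte `FF 25` form otherwise, and resolves either form back to its target, which is also how a patched prologue can be audited.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Encode a jump placed at address src that lands on dst; out holds 14 bytes. Returns bytes written. */
size_t encode_jump(uint64_t src, uint64_t dst, uint8_t out[14])
{
    /* E9 rel32: the displacement is measured from the end of the 5-byte instruction. */
    int64_t disp = (int64_t)(dst - (src + 5));
    if (disp >= INT32_MIN && disp <= INT32_MAX) {
        uint32_t rel = (uint32_t)(int32_t)disp;
        out[0] = 0xE9;
        for (int i = 0; i < 4; i++)
            out[1 + i] = (uint8_t)(rel >> (8 * i));   /* little-endian */
        return 5;
    }
    /* FF 25 00000000 = jmp qword ptr [rip+0]; the next 8 bytes hold the absolute target. */
    out[0] = 0xFF; out[1] = 0x25; out[2] = out[3] = out[4] = out[5] = 0x00;
    for (int i = 0; i < 8; i++)
        out[6 + i] = (uint8_t)(dst >> (8 * i));
    return 14;
}

/* Resolve the target of a jump found at src; returns 1 on success, 0 if p is neither form. */
int decode_jump(uint64_t src, const uint8_t *p, uint64_t *dst)
{
    if (p[0] == 0xE9) {
        uint32_t rel = 0;
        for (int i = 3; i >= 0; i--) rel = (rel << 8) | p[1 + i];
        *dst = src + 5 + (uint64_t)(int64_t)(int32_t)rel;   /* sign-extend rel32 */
        return 1;
    }
    if (p[0] == 0xFF && p[1] == 0x25 && !(p[2] | p[3] | p[4] | p[5])) {
        uint64_t v = 0;
        for (int i = 7; i >= 0; i--) v = (v << 8) | p[6 + i];
        *dst = v;
        return 1;
    }
    return 0;
}

int main(void)
{
    uint8_t buf[14];   /* constructed addresses: target is more than 2 GiB from the patch site */
    size_t n = encode_jump(0x00007FF600001000ULL, 0x00007FFA12345678ULL, buf);
    for (size_t i = 0; i < n; i++) printf("%02X ", buf[i]);
    printf("(%zu bytes)\n", n);
    return 0;
}
```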