X64驱动R3R0通用汇编call执行库源码
这里是其中一小部分。
byte * push_rsp() //64位编码
{
byte code = { 0x54 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * push_rbp() //64位编码
{
byte code = { 0x55 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * push_rsi() //64位编码
{
byte code = { 0x56 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * push_rdi() //64位编码
{
byte code = { 0x57 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rax_value(__int64 value) //qword
{
byte code = { 0x48,0xb8 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + sizeof(__int64);
return ShellCode;
}
byte * mov_rcx_value(__int64 value) //qword
{
byte code = { 0x48,0xb9 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_rdx_value(__int64 value) //qword
{
byte code = { 0x48,0xba };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_rbx_value(__int64 value) //qword
{
byte code = { 0x48,0xbb };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_r8_value(__int64 value) //qword
{
byte code = { 0x49,0xb8 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_r9_value(__int64 value) //qword
{
byte code = { 0x49,0xb9 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_r10_value(__int64 value) //mov r10, 6FFFFFFFFFFFFFFF
{
byte code = { 0x49,0xba };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_r11_value(__int64 value) //qword
{
byte code = { 0x49,0xbb };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_r12_value(__int64 value) //qword
{
byte code = { 0x49,0xbc };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_r13_value(__int64 value) //qword
{
byte code = { 0x49,0xbd };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_r14_value(__int64 value) //qword
{
byte code = { 0x49,0xbe };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_r15_value(__int64 value) //qword
{
byte code = { 0x49,0xbf };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_rcx_rax() //64位编码
{
byte code = { 0x48,0x8b,0xc8 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rax_rcx() //64位编码
{
byte code = { 0x49,0x89,0xc8 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rax_rdx() //64位编码
{
byte code = { 0x48,0x89,0xd0 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rdx_rax() //64位编码
{
byte code = { 0x48,0x89,0xc2 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r8_r9() //64位编码
{
byte code = { 0x4d,0x89,0xc8 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r9_r8() //64位编码
{
byte code = { 0x4d,0x89,0xc1 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rcx_ptr_rcx() //64位编码
{
byte code = { 0x48,0x8b,0x09 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rcx_ptr_rax() //64位编码
{
byte code = { 0x48,0x8b,0x08 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rcx_ptr_rdx() //64位编码
{
byte code = { 0x48,0x8b,0x0a };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rcx_ptr_rbx() //64位编码
{
byte code = { 0x48,0x8b,0x0b };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rdx_ptr_rdx() //64位编码
{
byte code = { 0x48,0x8b,0x12 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rdx_ptr_rcx() //64位编码
{
byte code = { 0x48,0x8b,0x11 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rdx_ptr_rbx() //64位编码
{
byte code = { 0x48,0x8b,0x13 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_rdx_ptr_rax() //64位编码
{
byte code = { 0x48,0x8b,0x10 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r8_ptr_r8() //64位编码
{
byte code = { 0x4d,0x8b,0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r8_ptr_r9() //64位编码
{
byte code = { 0x4d,0x8b,0x01 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r8_ptr_r10() //64位编码
{
byte code = { 0x4d,0x8b,0x02 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r9_ptr_r8() //64位编码
{
byte code = { 0x4d,0x8b,0x08 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r9_ptr_r9() //64位编码
{
byte code = { 0x4d,0x8b,0x09 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r9_ptr_r10() //64位编码
{
byte code = { 0x4d,0x8b,0x0a };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_r8() //64位编码
{
byte code = { 0x4d,0x89,0xc7 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_r9() //64位编码
{
byte code = { 0x4d,0x89,0xcf };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_r10() //64位编码
{
byte code = { 0x4d,0x89,0xd7 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_r11() //64位编码
{
byte code = { 0x4d,0x89,0xdf };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_r12() //64位编码
{
byte code = { 0x4d,0x89,0xe7 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_r13() //64位编码
{
byte code = { 0x4d,0x89,0xef };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_r14() //64位编码
{
byte code = { 0x4d,0x89,0xf7 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_r15() //64位编码
{
byte code = { 0x4d,0x89,0xff };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_ptr_r8() //64位编码
{
byte code = { 0x4d,0x8b,0x38 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_ptr_r9() //64位编码
{
byte code = { 0x4d,0x8b,0x39 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_ptr_r10() //64位编码
{
byte code = { 0x4d,0x8b,0x3a };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_ptr_r11() //64位编码
{
byte code = { 0x4d,0x8b,0x3b };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_ptr_r12() //64位编码
{
byte code = { 0x4d,0x8b,0x3c,0x24 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_ptr_r13() //64位编码
{
byte code = { 0x4d,0x8b,0x7d,0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_ptr_r14() //64位编码
{
byte code = { 0x4d,0x8b,0x3e };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_r15_ptr_r15() //64位编码
{
byte code = { 0x4d,0x8b,0x3f };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mov_qword_ptr_rax(__int64 value) //qword这里是个内存地址
{
byte code = { 0x48,0xa3 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
CodeLen = CodeLen + 8;
return ShellCode;
}
byte * mov_rax_qword_ptr_rbp_add(int value) //qword这里是个内存地址,mov rax, qword ptr ss:
{
byte code = { 0x48,0x8b,0x85 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
CodeLen = CodeLen + 4;
return ShellCode;
}
byte * mov_rcx_qword_ptr_rbp_add(int value) //qword这里是个内存地址,mov rax, qword ptr ss:
{
byte code = { 0x48,0x8b,0x8d };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
CodeLen = CodeLen + 4;
return ShellCode;
}
byte * lea_rcx_rcx() //64位编码
{
byte code = { 0x48,0x8d,0x09 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * lea_rax_rcx() //64位编码
{
byte code = { 0x48,0x8d,0x08 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * lea_rax_rax() //64位编码
{
byte code = { 0x48,0x8d,0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * lea_rcx_rax() //64位编码
{
byte code = { 0x48,0x8d,0x01 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * add_rax_rcx() //64位编码
{
byte code = { 0x48,0x01,0xc8 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * add_rcx_rax() //64位编码
{
byte code = { 0x48,0x01,0xc1 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * add_rsp_value(int value) //减法最大值是0xffffffff,这个是32位
{
byte code = { 0x48,0x81,0xc4 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
CodeLen = CodeLen + 4;
return ShellCode;
}
byte * sub_rsp_value(int value) //减法最大值是0xffffffff,这个是32位
{
byte code = { 0x48,0x81,0xec };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
CodeLen = CodeLen + 4;
return ShellCode;
}
byte * sub_rax_rcx() //减法
{
byte code = { 0x48,0x29,0xc3 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * sub_rcx_rax() //减法
{
byte code = { 0x48,0x29,0xc1 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * ret() //
{
byte code = { 0xc3 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * retn(short value) //减法
{
byte code = { 0xc2 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(short));
CodeLen = CodeLen + sizeof(short);
return ShellCode;
}
byte * idiv_rax() //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo
{
byte code = { 0x48,0x99,0x48,0xf7,0xf8 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * idiv_rcx() //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo
{
byte code = { 0x48,0x99,0x48,0xf7,0xf9 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * div_rax() //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo
{
byte code = { 0x48,0x99,0x48,0xf7,0xf0 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * div_rcx() //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo
{
byte code = { 0x48,0x99,0x48,0xf7,0xf1 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * imul_rax_rcx() //乘法
{
byte code = { 0x48,0x0f,0xaf,0xc1 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * imul_r8_r9() //乘法
{
byte code = { 0x4d,0x0f,0xaf,0xc1 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_rax() //易变
{
byte code = { 0xff,0xd0 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_rcx() //易变
{
byte code = { 0xff,0xd1 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_r8() //易变
{
byte code = { 0x41,0xff,0xd0 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_r9() //易变
{
byte code = { 0x41,0xff,0xd1 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_r10() //易变
{
byte code = { 0x41,0xff,0xd2 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_r11() //易变
{
byte code = { 0x41,0xff,0xd3 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_r12() //易变
{
byte code = { 0x41,0xff,0xd4 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_r13() //易变
{
byte code = { 0x41,0xff,0xd5 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_r14() //易变
{
byte code = { 0x41,0xff,0xd6 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_r15() //易变
{
byte code = { 0x41,0xff,0xd7 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * jmp_r15() //易变
{
byte code = { 0x41,0xff,0xe7 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * call_ptr(int value) //减法最大值是0xffffffff,这个是32位//这个函数x64有问题的,不建议用
{
byte code = { 0xff,0x14};
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));
CodeLen = CodeLen + 4;
return ShellCode;
}
byte * movss_xmm0_dword_ptr_rcx() //浮点数地址传值 movss xmm0, dword ptr ds:
{
byte code = { 0xF3, 0x0F, 0x10, 0x01 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_xmm0_dword_ptr_rax() //浮点数地址传值 movss xmm0, dword ptr ds:
{
byte code = { 0xF3, 0x0F, 0x10, 0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_xmm1_dword_ptr_rax() //浮点数地址传值 movss xmm1, dword ptr ds:
{
byte code = { 0xF3, 0x0F, 0x10, 0x08 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_xmm2_dword_ptr_rax() //浮点数地址传值 movss xmm2, dword ptr ds:
{
byte code = { 0xF3, 0x0F, 0x10, 0x10 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_xmm3_dword_ptr_rax() //浮点数地址传值 movss xmm3, dword ptr ds:
{
byte code = { 0xF3, 0x0F, 0x10, 0x18 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_xmm4_dword_ptr_rax() //浮点数地址传值 movss xmm4, dword ptr ds:
{
byte code = { 0xF3, 0x0F, 0x10, 0x20 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_xmm1_dword_ptr_rcx() //浮点数地址传值 movss xmm0, dword ptr ds:
{
byte code = { 0xF3, 0x0F, 0x10, 0x09 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_xmm0_dword_ptr_r8() //浮点数地址传值 movss xmm0, dword ptr ds:
{
byte code = { 0xF3, 0x41, 0x0f, 0x10,0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_xmm0_dword_ptr_r9() //浮点数地址传值 movss xmm0, dword ptr ds:
{
byte code = { 0xF3, 0x41, 0x0f, 0x10,0x01 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * movss_dword_ptr_xmm0() // movss dword ptr ds : , xmm0 |
{
byte code = { 0xF3, 0x67, 0x0F, 0x11, 0x01 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * addss_xmm0_dword_ptr_rax() // addss xmm0, dword ptr ds : 浮点加法
{
byte code = { 0xF3, 0x0f, 0x58, 0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * subss_xmm0_dword_ptr_rax() // addss xmm0, dword ptr ds : 浮点减法
{
byte code = { 0xF3, 0x0f, 0x5c, 0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * mulss_xmm0_dword_ptr_rax() // addss xmm0, dword ptr ds : 浮点乘法
{
byte code = { 0xF3, 0x0f, 0x59, 0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * divss_xmm0_dword_ptr_rax() // addss xmm0, dword ptr ds : 浮点除法
{
byte code = { 0xF3, 0x0f, 0x5e, 0x00 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_r9d_r9d() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x45, 0x31, 0xc9 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_r8d_r8d() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x45, 0x31, 0xc0 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_eax_eax() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x31, 0xc0 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_ecx_ecx() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x31, 0xc9 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_edx_edx() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x31, 0xd2 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_rax_rax() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x48, 0x31,0xc0 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_rcx_rcx() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x48, 0x31,0xc9 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_r8_r8() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x4d, 0x31,0xc0 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * xor_r9_r9() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0x4d, 0x31,0xc9 };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
byte * int3() // addss xmm0, dword ptr ds : 清空
{
byte code = { 0xcc };
RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
CodeLen = CodeLen + sizeof(code);
return ShellCode;
}
short WordToByteArray(short Value) //2字节整数转byte数组,网络转换
{
return htons(Value);
}
int intToByteArray(int Value) //4字节整数转byte数组,网络转换 ntohl应该也可以
{
return htonl(Value);
}
void ByteToHexStr(const unsigned char* source, char* dest, int sourceLen)//char*字符串转编码 备份函数
{
short i;
unsigned char highByte, lowByte;
for (i = 0; i < sourceLen; i++)
{
highByte = source >> 4;
lowByte = source & 0x0f;
highByte += 0x30;
if (highByte > 0x39)
dest = highByte + 0x07;
else
dest = highByte;
lowByte += 0x30;
if (lowByte > 0x39)
dest = lowByte + 0x07;
else
dest = lowByte;
}
return;
}
bool HexToString(unsigned char *pSrc, std::string &dest, int nL) //char[]字节数组转->字符串
{
char buf;
memset((char *)buf, 0, sizeof(buf));
unsigned char hb;
unsigned char lb;
for (int i = 0; i < nL; i++)
{
hb = (pSrc & 0xf0) >> 4;
if (hb >= 0 && hb <= 9)
hb += 0x30;
else if (hb >= 10 && hb <= 15)
hb = hb - 10 + 'A';
else
return false;
lb = pSrc & 0x0f;
if (lb >= 0 && lb <= 9)
lb += 0x30;
else if (lb >= 10 && lb <= 15)
lb = lb - 10 + 'A';
else
return false;
buf = hb;
buf = lb;
}
dest = buf;
return true;
}
bool StringToHex(std::string &src, unsigned char *dest)////字符串====字节数组
{
unsigned char hb;
unsigned char lb;
if (src.size() % 2 != 0)
return false;
transform(src.begin(), src.end(), src.begin(), toupper);
for (int i = 0, j = 0; i < (int)src.size(); i++)
{
hb = src;
if (hb >= 'A' && hb <= 'F')
hb = hb - 'A' + 10;
else if (hb >= '0' && hb <= '9')
hb = hb - '0';
else
return false;
i++;
lb = src;
if (lb >= 'A' && lb <= 'F')
lb = lb - 'A' + 10;
else if (lb >= '0' && lb <= '9')
lb = lb - '0';
else
return false;
dest = (hb << 4) | (lb);
}
return true;
}
页:
[1]