设为首页收藏本站
切换到宽版

龙马谷

 找回密码
 立即注册

QQ登录

只需一步,快速开始

龙马谷»龙马谷论坛 技术专区 驱动开发技术 X64驱动R3R0通用汇编call执行库源码
龙马谷VIP会员办理客服QQ:82926983(如果临时会话没有收到回复,请先加QQ好友再发。)
1 [已完结] GG修改器新手入门与实战教程 31课 2 [已完结] GG修改器美化修改教程 6课 3 [已完结] GG修改器Lua脚本新手入门教程 12课
4 [已完结] 触动精灵脚本新手入门必学教程 22课 5 [已完结] 手游自动化脚本入门实战教程 9课 6 [已完结] C++射击游戏方框骨骼透视与自瞄教程 27课
7 [已完结] C++零基础UE4逆向开发FPS透视自瞄教程 29课 8 [已完结] C++零基础大漠模拟器手游自动化辅助教程 22课 9 [已完结] C++零基础开发DXF内存脚本辅助教程 32课
以下是天马阁VIP教程,本站与天马阁合作,赞助VIP可以获得天马阁对应VIP会员,名额有限! 点击进入天马阁论坛
1 [已完结] x64CE与x64dbg入门基础教程 7课 2 [已完结] x64汇编语言基础教程 16课 3 [已完结] x64辅助入门基础教程 9课
4 [已完结] C++x64内存辅助实战技术教程 149课 5 [已完结] C++x64内存检测与过检测技术教程 10课 6 [已完结] C+x64二叉树分析遍历与LUA自动登陆教程 19课
7 [已完结] C++BT功能原理与x64实战教程 29课 8 [已完结] C+FPS框透视与自瞄x64实现原理及防护思路
返回列表 发新帖
查看: 4716|回复: 0

X64驱动R3R0通用汇编call执行库源码

[复制链接]
debra

25

主题

1

回帖

37

积分

编程入门

Rank: 1

龙马币
108
debra | 显示全部楼层 |阅读模式

这里是其中一小部分。



  3. byte * push_rsp() //64位编码
  4. {
  5. byte code[1] = { 0x54 };
  6. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
  7. CodeLen = CodeLen + sizeof(code);
  8. return ShellCode;
  9. }


  12. byte * push_rbp() //64位编码
  13. {
  14. byte code[1] = { 0x55 };
  15. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
  16. CodeLen = CodeLen + sizeof(code);
  17. return ShellCode;
  18. }


  21. byte * push_rsi() //64位编码
  22. {
  23. byte code[1] = { 0x56 };
  24. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
  25. CodeLen = CodeLen + sizeof(code);
  26. return ShellCode;
  27. }


  30. byte * push_rdi() //64位编码
  31. {
  32. byte code[1] = { 0x57 };
  33. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
  34. CodeLen = CodeLen + sizeof(code);
  35. return ShellCode;
  36. }



  40. byte * mov_rax_value(__int64 value)   //qword
  41. {
  42. byte code[2] = { 0x48,0xb8 };
  43. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));
  44. CodeLen = CodeLen + sizeof(code);
  45. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));
  46. CodeLen = CodeLen + sizeof(__int64);
  47. return ShellCode;
  48. }



  52. byte * mov_rcx_value(__int64 value)   //qword
  53. {

  55. byte code[2] = { 0x48,0xb9 };

  57. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  59. CodeLen = CodeLen + sizeof(code);

  61. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  63. CodeLen = CodeLen + 8;

  65. return ShellCode;

  67. }



  71. byte * mov_rdx_value(__int64 value)   //qword

  73. {

  75. byte code[2] = { 0x48,0xba };

  77. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  79. CodeLen = CodeLen + sizeof(code);

  81. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  83. CodeLen = CodeLen + 8;

  85. return ShellCode;

  87. }



  91. byte * mov_rbx_value(__int64 value)   //qword

  93. {

  95. byte code[2] = { 0x48,0xbb };

  97. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  99. CodeLen = CodeLen + sizeof(code);

  101. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  103. CodeLen = CodeLen + 8;

  105. return ShellCode;

  107. }



  111. byte * mov_r8_value(__int64 value)   //qword

  113. {

  115. byte code[2] = { 0x49,0xb8 };

  117. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  119. CodeLen = CodeLen + sizeof(code);

  121. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  123. CodeLen = CodeLen + 8;

  125. return ShellCode;

  127. }



  131. byte * mov_r9_value(__int64 value)   //qword

  133. {

  135. byte code[2] = { 0x49,0xb9 };

  137. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  139. CodeLen = CodeLen + sizeof(code);

  141. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  143. CodeLen = CodeLen + 8;

  145. return ShellCode;

  147. }



  151. byte * mov_r10_value(__int64 value)   //mov r10, 6FFFFFFFFFFFFFFF

  153. {

  155. byte code[2] = { 0x49,0xba };

  157. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  159. CodeLen = CodeLen + sizeof(code);

  161. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  163. CodeLen = CodeLen + 8;

  165. return ShellCode;

  167. }



  171. byte * mov_r11_value(__int64 value)   //qword

  173. {

  175. byte code[2] = { 0x49,0xbb };

  177. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  179. CodeLen = CodeLen + sizeof(code);

  181. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  183. CodeLen = CodeLen + 8;

  185. return ShellCode;

  187. }



  191. byte * mov_r12_value(__int64 value)   //qword

  193. {

  195. byte code[2] = { 0x49,0xbc };

  197. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  199. CodeLen = CodeLen + sizeof(code);

  201. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  203. CodeLen = CodeLen + 8;

  205. return ShellCode;

  207. }



  211. byte * mov_r13_value(__int64 value)   //qword

  213. {

  215. byte code[2] = { 0x49,0xbd };

  217. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  219. CodeLen = CodeLen + sizeof(code);

  221. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  223. CodeLen = CodeLen + 8;

  225. return ShellCode;

  227. }



  231. byte * mov_r14_value(__int64 value)   //qword

  233. {

  235. byte code[2] = { 0x49,0xbe };

  237. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  239. CodeLen = CodeLen + sizeof(code);

  241. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  243. CodeLen = CodeLen + 8;

  245. return ShellCode;

  247. }



  251. byte * mov_r15_value(__int64 value)   //qword

  253. {

  255. byte code[2] = { 0x49,0xbf };

  257. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  259. CodeLen = CodeLen + sizeof(code);

  261. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  263. CodeLen = CodeLen + 8;

  265. return ShellCode;

  267. }



  271. byte * mov_rcx_rax() //64位编码

  273. {

  275. byte code[3] = { 0x48,0x8b,0xc8 };

  277. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  279. CodeLen = CodeLen + sizeof(code);

  281. return ShellCode;

  283. }



  287. byte * mov_rax_rcx() //64位编码

  289. {

  291. byte code[3] = { 0x49,0x89,0xc8 };

  293. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  295. CodeLen = CodeLen + sizeof(code);

  297. return ShellCode;

  299. }



  303. byte * mov_rax_rdx() //64位编码

  305. {

  307. byte code[3] = { 0x48,0x89,0xd0 };

  309. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  311. CodeLen = CodeLen + sizeof(code);

  313. return ShellCode;

  315. }



  319. byte * mov_rdx_rax() //64位编码

  321. {

  323. byte code[3] = { 0x48,0x89,0xc2 };

  325. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  327. CodeLen = CodeLen + sizeof(code);

  329. return ShellCode;

  331. }



  335. byte * mov_r8_r9() //64位编码

  337. {

  339. byte code[3] = { 0x4d,0x89,0xc8 };

  341. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  343. CodeLen = CodeLen + sizeof(code);

  345. return ShellCode;

  347. }



  351. byte * mov_r9_r8() //64位编码

  353. {

  355. byte code[3] = { 0x4d,0x89,0xc1 };

  357. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  359. CodeLen = CodeLen + sizeof(code);

  361. return ShellCode;

  363. }



  367. byte * mov_rcx_ptr_rcx() //64位编码

  369. {

  371. byte code[3] = { 0x48,0x8b,0x09 };

  373. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  375. CodeLen = CodeLen + sizeof(code);

  377. return ShellCode;

  379. }



  383. byte * mov_rcx_ptr_rax() //64位编码

  385. {

  387. byte code[3] = { 0x48,0x8b,0x08 };

  389. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  391. CodeLen = CodeLen + sizeof(code);

  393. return ShellCode;

  395. }

  397. byte * mov_rcx_ptr_rdx() //64位编码

  399. {

  401. byte code[3] = { 0x48,0x8b,0x0a };

  403. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  405. CodeLen = CodeLen + sizeof(code);

  407. return ShellCode;

  409. }



  413. byte * mov_rcx_ptr_rbx() //64位编码

  415. {

  417. byte code[3] = { 0x48,0x8b,0x0b };

  419. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  421. CodeLen = CodeLen + sizeof(code);

  423. return ShellCode;

  425. }



  429. byte * mov_rdx_ptr_rdx() //64位编码

  431. {

  433. byte code[3] = { 0x48,0x8b,0x12 };

  435. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  437. CodeLen = CodeLen + sizeof(code);

  439. return ShellCode;

  441. }



  445. byte * mov_rdx_ptr_rcx() //64位编码

  447. {

  449. byte code[3] = { 0x48,0x8b,0x11 };

  451. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  453. CodeLen = CodeLen + sizeof(code);

  455. return ShellCode;

  457. }



  461. byte * mov_rdx_ptr_rbx() //64位编码

  463. {

  465. byte code[3] = { 0x48,0x8b,0x13 };

  467. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  469. CodeLen = CodeLen + sizeof(code);

  471. return ShellCode;

  473. }



  477. byte * mov_rdx_ptr_rax() //64位编码

  479. {

  481. byte code[3] = { 0x48,0x8b,0x10 };

  483. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  485. CodeLen = CodeLen + sizeof(code);

  487. return ShellCode;

  489. }



  493. byte * mov_r8_ptr_r8() //64位编码

  495. {

  497. byte code[3] = { 0x4d,0x8b,0x00 };

  499. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  501. CodeLen = CodeLen + sizeof(code);

  503. return ShellCode;

  505. }



  509. byte * mov_r8_ptr_r9() //64位编码

  511. {

  513. byte code[3] = { 0x4d,0x8b,0x01 };

  515. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  517. CodeLen = CodeLen + sizeof(code);

  519. return ShellCode;

  521. }



  525. byte * mov_r8_ptr_r10() //64位编码

  527. {

  529. byte code[3] = { 0x4d,0x8b,0x02 };

  531. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  533. CodeLen = CodeLen + sizeof(code);

  535. return ShellCode;

  537. }



  541. byte * mov_r9_ptr_r8() //64位编码

  543. {

  545. byte code[3] = { 0x4d,0x8b,0x08 };

  547. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  549. CodeLen = CodeLen + sizeof(code);

  551. return ShellCode;

  553. }

  555. byte * mov_r9_ptr_r9() //64位编码

  557. {

  559. byte code[3] = { 0x4d,0x8b,0x09 };

  561. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  563. CodeLen = CodeLen + sizeof(code);

  565. return ShellCode;

  567. }



  571. byte * mov_r9_ptr_r10() //64位编码

  573. {

  575. byte code[3] = { 0x4d,0x8b,0x0a };

  577. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  579. CodeLen = CodeLen + sizeof(code);

  581. return ShellCode;

  583. }



  587. byte * mov_r15_r8() //64位编码

  589. {

  591. byte code[3] = { 0x4d,0x89,0xc7 };

  593. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  595. CodeLen = CodeLen + sizeof(code);

  597. return ShellCode;

  599. }



  603. byte * mov_r15_r9() //64位编码

  605. {

  607. byte code[3] = { 0x4d,0x89,0xcf };

  609. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  611. CodeLen = CodeLen + sizeof(code);

  613. return ShellCode;

  615. }

  617. byte * mov_r15_r10() //64位编码

  619. {

  621. byte code[3] = { 0x4d,0x89,0xd7 };

  623. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  625. CodeLen = CodeLen + sizeof(code);

  627. return ShellCode;

  629. }



  633. byte * mov_r15_r11() //64位编码

  635. {

  637. byte code[3] = { 0x4d,0x89,0xdf };

  639. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  641. CodeLen = CodeLen + sizeof(code);

  643. return ShellCode;

  645. }



  649. byte * mov_r15_r12() //64位编码

  651. {

  653. byte code[3] = { 0x4d,0x89,0xe7 };

  655. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  657. CodeLen = CodeLen + sizeof(code);

  659. return ShellCode;

  661. }



  665. byte * mov_r15_r13() //64位编码

  667. {

  669. byte code[3] = { 0x4d,0x89,0xef };

  671. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  673. CodeLen = CodeLen + sizeof(code);

  675. return ShellCode;

  677. }



  681. byte * mov_r15_r14() //64位编码

  683. {

  685. byte code[3] = { 0x4d,0x89,0xf7 };

  687. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  689. CodeLen = CodeLen + sizeof(code);

  691. return ShellCode;

  693. }



  697. byte * mov_r15_r15() //64位编码

  699. {

  701. byte code[3] = { 0x4d,0x89,0xff };

  703. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  705. CodeLen = CodeLen + sizeof(code);

  707. return ShellCode;

  709. }



  713. byte * mov_r15_ptr_r8() //64位编码

  715. {

  717. byte code[3] = { 0x4d,0x8b,0x38 };

  719. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  721. CodeLen = CodeLen + sizeof(code);

  723. return ShellCode;

  725. }



  729. byte * mov_r15_ptr_r9() //64位编码

  731. {

  733. byte code[3] = { 0x4d,0x8b,0x39 };

  735. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  737. CodeLen = CodeLen + sizeof(code);

  739. return ShellCode;

  741. }



  745. byte * mov_r15_ptr_r10() //64位编码

  747. {

  749. byte code[3] = { 0x4d,0x8b,0x3a };

  751. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  753. CodeLen = CodeLen + sizeof(code);

  755. return ShellCode;

  757. }





  763. byte * mov_r15_ptr_r11() //64位编码

  765. {

  767. byte code[3] = { 0x4d,0x8b,0x3b };

  769. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  771. CodeLen = CodeLen + sizeof(code);

  773. return ShellCode;

  775. }



  779. byte * mov_r15_ptr_r12() //64位编码

  781. {

  783. byte code[4] = { 0x4d,0x8b,0x3c,0x24 };

  785. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  787. CodeLen = CodeLen + sizeof(code);

  789. return ShellCode;

  791. }



  795. byte * mov_r15_ptr_r13() //64位编码

  797. {

  799. byte code[4] = { 0x4d,0x8b,0x7d,0x00 };

  801. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  803. CodeLen = CodeLen + sizeof(code);

  805. return ShellCode;

  807. }

  809. byte * mov_r15_ptr_r14() //64位编码

  811. {

  813. byte code[3] = { 0x4d,0x8b,0x3e };

  815. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  817. CodeLen = CodeLen + sizeof(code);

  819. return ShellCode;

  821. }



  825. byte * mov_r15_ptr_r15() //64位编码

  827. {

  829. byte code[3] = { 0x4d,0x8b,0x3f };

  831. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  833. CodeLen = CodeLen + sizeof(code);

  835. return ShellCode;

  837. }





  843. byte * mov_qword_ptr_rax(__int64 value)   //qword这里是个内存地址

  845. {

  847. byte code[2] = { 0x48,0xa3 };

  849. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  851. CodeLen = CodeLen + sizeof(code);

  853. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(__int64));

  855. CodeLen = CodeLen + 8;

  857. return ShellCode;

  859. }



  863. byte * mov_rax_qword_ptr_rbp_add(int value)   //qword这里是个内存地址,mov rax, qword ptr ss:[rbp+FFFFFFF]

  865. {

  867. byte code[3] = { 0x48,0x8b,0x85 };

  869. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  871. CodeLen = CodeLen + sizeof(code);

  873. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));

  875. CodeLen = CodeLen + 4;

  877. return ShellCode;

  879. }



  883. byte * mov_rcx_qword_ptr_rbp_add(int value)   //qword这里是个内存地址,mov rax, qword ptr ss:[rbp+FFFFFFF]

  885. {

  887. byte code[3] = { 0x48,0x8b,0x8d };

  889. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  891. CodeLen = CodeLen + sizeof(code);

  893. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));

  895. CodeLen = CodeLen + 4;

  897. return ShellCode;

  899. }



  903. byte * lea_rcx_rcx() //64位编码   [rcx]

  905. {

  907. byte code[3] = { 0x48,0x8d,0x09 };

  909. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  911. CodeLen = CodeLen + sizeof(code);

  913. return ShellCode;

  915. }



  919. byte * lea_rax_rcx() //64位编码 [eax]

  921. {

  923. byte code[3] = { 0x48,0x8d,0x08 };

  925. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  927. CodeLen = CodeLen + sizeof(code);

  929. return ShellCode;

  931. }



  935. byte * lea_rax_rax() //64位编码 [eax]

  937. {

  939. byte code[3] = { 0x48,0x8d,0x00 };

  941. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  943. CodeLen = CodeLen + sizeof(code);

  945. return ShellCode;

  947. }



  951. byte * lea_rcx_rax() //64位编码   [eax]

  953. {

  955. byte code[3] = { 0x48,0x8d,0x01 };

  957. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  959. CodeLen = CodeLen + sizeof(code);

  961. return ShellCode;

  963. }



  967. byte * add_rax_rcx() //64位编码 [eax]

  969. {

  971. byte code[3] = { 0x48,0x01,0xc8 };

  973. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  975. CodeLen = CodeLen + sizeof(code);

  977. return ShellCode;

  979. }



  983. byte * add_rcx_rax() //64位编码 [eax]

  985. {

  987. byte code[3] = { 0x48,0x01,0xc1 };

  989. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  991. CodeLen = CodeLen + sizeof(code);

  993. return ShellCode;

  995. }



  999. byte * add_rsp_value(int value)   //减法最大值是0xffffffff,这个是32位

  1001. {

  1003. byte code[3] = { 0x48,0x81,0xc4 };

  1005. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1007. CodeLen = CodeLen + sizeof(code);

  1009. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));

  1011. CodeLen = CodeLen + 4;

  1013. return ShellCode;

  1015. }



  1019. byte * sub_rsp_value(int value)   //减法最大值是0xffffffff,这个是32位

  1021. {

  1023. byte code[3] = { 0x48,0x81,0xec };

  1025. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1027. CodeLen = CodeLen + sizeof(code);

  1029. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));

  1031. CodeLen = CodeLen + 4;

  1033. return ShellCode;

  1035. }



  1039. byte * sub_rax_rcx()   //减法

  1041. {

  1043. byte code[3] = { 0x48,0x29,0xc3 };

  1045. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1047. CodeLen = CodeLen + sizeof(code);

  1049. return ShellCode;

  1051. }



  1055. byte * sub_rcx_rax()   //减法

  1057. {

  1059. byte code[3] = { 0x48,0x29,0xc1 };

  1061. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1063. CodeLen = CodeLen + sizeof(code);

  1065. return ShellCode;

  1067. }



  1071. byte * ret()   //

  1073. {

  1075. byte code[1] = { 0xc3 };

  1077. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1079. CodeLen = CodeLen + sizeof(code);

  1081. return ShellCode;

  1083. }



  1087. byte * retn(short value)   //减法

  1089. {

  1091. byte code[1] = { 0xc2 };

  1093. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1095. CodeLen = CodeLen + sizeof(code);

  1097. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(short));

  1099. CodeLen = CodeLen + sizeof(short);

  1101. return ShellCode;

  1103. }



  1107. byte * idiv_rax()   //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo

  1109. {

  1111. byte code[5] = { 0x48,0x99,0x48,0xf7,0xf8 };

  1113. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1115. CodeLen = CodeLen + sizeof(code);

  1117. return ShellCode;

  1119. }



  1123. byte * idiv_rcx()   //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo

  1125. {

  1127. byte code[5] = { 0x48,0x99,0x48,0xf7,0xf9 };

  1129. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1131. CodeLen = CodeLen + sizeof(code);

  1133. return ShellCode;

  1135. }



  1139. byte * div_rax()   //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo

  1141. {

  1143. byte code[5] = { 0x48,0x99,0x48,0xf7,0xf0 };

  1145. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1147. CodeLen = CodeLen + sizeof(code);

  1149. return ShellCode;

  1151. }



  1155. byte * div_rcx()   //除法 ,首先要讲值传到rax,最后的值传给rax 0x48,0x99 =cpo

  1157. {

  1159. byte code[5] = { 0x48,0x99,0x48,0xf7,0xf1 };

  1161. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1163. CodeLen = CodeLen + sizeof(code);

  1165. return ShellCode;

  1167. }



  1171. byte * imul_rax_rcx()   //乘法

  1173. {

  1175. byte code[4] = { 0x48,0x0f,0xaf,0xc1 };

  1177. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1179. CodeLen = CodeLen + sizeof(code);

  1181. return ShellCode;

  1183. }



  1187. byte * imul_r8_r9()   //乘法

  1189. {

  1191. byte code[4] = { 0x4d,0x0f,0xaf,0xc1 };

  1193. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1195. CodeLen = CodeLen + sizeof(code);

  1197. return ShellCode;

  1199. }



  1203. byte * call_rax()   //易变

  1205. {

  1207. byte code[2] = { 0xff,0xd0 };

  1209. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1211. CodeLen = CodeLen + sizeof(code);

  1213. return ShellCode;

  1215. }



  1219. byte * call_rcx()   //易变

  1221. {

  1223. byte code[2] = { 0xff,0xd1 };

  1225. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1227. CodeLen = CodeLen + sizeof(code);

  1229. return ShellCode;

  1231. }



  1235. byte * call_r8()    //易变

  1237. {

  1239. byte code[3] = { 0x41,0xff,0xd0 };

  1241. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1243. CodeLen = CodeLen + sizeof(code);

  1245. return ShellCode;

  1247. }



  1251. byte * call_r9()   //易变

  1253. {

  1255. byte code[3] = { 0x41,0xff,0xd1 };

  1257. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1259. CodeLen = CodeLen + sizeof(code);

  1261. return ShellCode;

  1263. }



  1267. byte * call_r10()   //易变

  1269. {

  1271. byte code[3] = { 0x41,0xff,0xd2 };

  1273. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1275. CodeLen = CodeLen + sizeof(code);

  1277. return ShellCode;

  1279. }



  1283. byte * call_r11()   //易变

  1285. {

  1287. byte code[3] = { 0x41,0xff,0xd3 };

  1289. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1291. CodeLen = CodeLen + sizeof(code);

  1293. return ShellCode;

  1295. }



  1299. byte * call_r12()   //易变

  1301. {

  1303. byte code[3] = { 0x41,0xff,0xd4 };

  1305. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1307. CodeLen = CodeLen + sizeof(code);

  1309. return ShellCode;

  1311. }



  1315. byte * call_r13()   //易变

  1317. {

  1319. byte code[3] = { 0x41,0xff,0xd5 };

  1321. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1323. CodeLen = CodeLen + sizeof(code);

  1325. return ShellCode;

  1327. }



  1331. byte * call_r14()   //易变

  1333. {

  1335. byte code[3] = { 0x41,0xff,0xd6 };

  1337. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1339. CodeLen = CodeLen + sizeof(code);

  1341. return ShellCode;

  1343. }



  1347. byte * call_r15()   //易变

  1349. {

  1351. byte code[3] = { 0x41,0xff,0xd7 };

  1353. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1355. CodeLen = CodeLen + sizeof(code);

  1357. return ShellCode;

  1359. }



  1363. byte * jmp_r15()   //易变

  1365. {

  1367. byte code[3] = { 0x41,0xff,0xe7 };

  1369. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1371. CodeLen = CodeLen + sizeof(code);

  1373. return ShellCode;

  1375. }



  1379. byte * call_ptr(int value)   //减法最大值是0xffffffff,这个是32位//这个函数x64有问题的,不建议用

  1381. {

  1383. byte code[2] = { 0xff,0x14};

  1385. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1387. CodeLen = CodeLen + sizeof(code);

  1389. RtlMoveMemory(ShellCode + CodeLen, &value, sizeof(int));

  1391. CodeLen = CodeLen + 4;

  1393. return ShellCode;

  1395. }



  1399. byte * movss_xmm0_dword_ptr_rcx()   //浮点数地址传值   movss xmm0, dword ptr ds:[rax]

  1401. {

  1403. byte code[4] = { 0xF3, 0x0F, 0x10, 0x01 };

  1405. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1407. CodeLen = CodeLen + sizeof(code);

  1409. return ShellCode;

  1411. }



  1415. byte * movss_xmm0_dword_ptr_rax()   //浮点数地址传值   movss xmm0, dword ptr ds:[rax]

  1417. {

  1419. byte code[4] = { 0xF3, 0x0F, 0x10, 0x00 };

  1421. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1423. CodeLen = CodeLen + sizeof(code);

  1425. return ShellCode;

  1427. }



  1431. byte * movss_xmm1_dword_ptr_rax()   //浮点数地址传值   movss xmm1, dword ptr ds:[rax]

  1433. {

  1435. byte code[4] = { 0xF3, 0x0F, 0x10, 0x08 };

  1437. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1439. CodeLen = CodeLen + sizeof(code);

  1441. return ShellCode;

  1443. }



  1447. byte * movss_xmm2_dword_ptr_rax()   //浮点数地址传值   movss xmm2, dword ptr ds:[rax]

  1449. {

  1451. byte code[4] = { 0xF3, 0x0F, 0x10, 0x10 };

  1453. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1455. CodeLen = CodeLen + sizeof(code);

  1457. return ShellCode;

  1459. }



  1463. byte * movss_xmm3_dword_ptr_rax()   //浮点数地址传值   movss xmm3, dword ptr ds:[rax]

  1465. {

  1467. byte code[4] = { 0xF3, 0x0F, 0x10, 0x18 };

  1469. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1471. CodeLen = CodeLen + sizeof(code);

  1473. return ShellCode;

  1475. }



  1479. byte * movss_xmm4_dword_ptr_rax()   //浮点数地址传值   movss xmm4, dword ptr ds:[rax]

  1481. {

  1483. byte code[4] = { 0xF3, 0x0F, 0x10, 0x20 };

  1485. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1487. CodeLen = CodeLen + sizeof(code);

  1489. return ShellCode;

  1491. }



  1495. byte * movss_xmm1_dword_ptr_rcx()                 //浮点数地址传值   movss xmm0, dword ptr ds:[rcx]

  1497. {

  1499. byte code[4] = { 0xF3, 0x0F, 0x10, 0x09 };

  1501. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1503. CodeLen = CodeLen + sizeof(code);

  1505. return ShellCode;

  1507. }



  1511. byte * movss_xmm0_dword_ptr_r8()                   //浮点数地址传值   movss xmm0, dword ptr ds:[r8]

  1513. {

  1515. byte code[5] = { 0xF3, 0x41, 0x0f, 0x10,0x00 };

  1517. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1519. CodeLen = CodeLen + sizeof(code);

  1521. return ShellCode;

  1523. }



  1527. byte * movss_xmm0_dword_ptr_r9()                    //浮点数地址传值   movss xmm0, dword ptr ds:[r9]

  1529. {

  1531. byte code[5] = { 0xF3, 0x41, 0x0f, 0x10,0x01 };

  1533. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1535. CodeLen = CodeLen + sizeof(code);

  1537. return ShellCode;

  1539. }



  1543. byte * movss_dword_ptr_xmm0()   // movss dword ptr ds : [rax], xmm0 |

  1545. {

  1547. byte code[5] = { 0xF3, 0x67, 0x0F, 0x11, 0x01 };

  1549. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1551. CodeLen = CodeLen + sizeof(code);

  1553. return ShellCode;

  1555. }



  1559. byte * addss_xmm0_dword_ptr_rax()   // addss xmm0, dword ptr ds : [rax]   浮点加法

  1561. {

  1563. byte code[4] = { 0xF3, 0x0f, 0x58, 0x00 };

  1565. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1567. CodeLen = CodeLen + sizeof(code);

  1569. return ShellCode;

  1571. }



  1575. byte * subss_xmm0_dword_ptr_rax()   // addss xmm0, dword ptr ds : [rax]   浮点减法

  1577. {

  1579. byte code[4] = { 0xF3, 0x0f, 0x5c, 0x00 };

  1581. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1583. CodeLen = CodeLen + sizeof(code);

  1585. return ShellCode;

  1587. }



  1591. byte * mulss_xmm0_dword_ptr_rax()   // addss xmm0, dword ptr ds : [rax]   浮点乘法

  1593. {

  1595. byte code[4] = { 0xF3, 0x0f, 0x59, 0x00 };

  1597. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1599. CodeLen = CodeLen + sizeof(code);

  1601. return ShellCode;

  1603. }



  1607. byte * divss_xmm0_dword_ptr_rax()   // addss xmm0, dword ptr ds : [rax]   浮点除法

  1609. {

  1611. byte code[4] = { 0xF3, 0x0f, 0x5e, 0x00 };

  1613. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1615. CodeLen = CodeLen + sizeof(code);

  1617. return ShellCode;

  1619. }



  1623. byte * xor_r9d_r9d()   // addss xmm0, dword ptr ds : [rax]   清空

  1625. {

  1627. byte code[3] = { 0x45, 0x31, 0xc9 };

  1629. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1631. CodeLen = CodeLen + sizeof(code);

  1633. return ShellCode;

  1635. }



  1639. byte * xor_r8d_r8d()   // addss xmm0, dword ptr ds : [rax]   清空

  1641. {

  1643. byte code[3] = { 0x45, 0x31, 0xc0 };

  1645. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1647. CodeLen = CodeLen + sizeof(code);

  1649. return ShellCode;

  1651. }



  1655. byte * xor_eax_eax()   // addss xmm0, dword ptr ds : [rax]   清空

  1657. {

  1659. byte code[2] = { 0x31, 0xc0 };

  1661. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1663. CodeLen = CodeLen + sizeof(code);

  1665. return ShellCode;

  1667. }



  1671. byte * xor_ecx_ecx()   // addss xmm0, dword ptr ds : [rax]   清空

  1673. {

  1675. byte code[2] = { 0x31, 0xc9 };

  1677. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1679. CodeLen = CodeLen + sizeof(code);

  1681. return ShellCode;

  1683. }



  1687. byte * xor_edx_edx()   // addss xmm0, dword ptr ds : [rax]   清空

  1689. {

  1691. byte code[2] = { 0x31, 0xd2 };

  1693. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1695. CodeLen = CodeLen + sizeof(code);

  1697. return ShellCode;

  1699. }



  1703. byte * xor_rax_rax()   // addss xmm0, dword ptr ds : [rax]   清空

  1705. {

  1707. byte code[3] = { 0x48, 0x31,0xc0 };

  1709. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1711. CodeLen = CodeLen + sizeof(code);

  1713. return ShellCode;

  1715. }



  1719. byte * xor_rcx_rcx()   // addss xmm0, dword ptr ds : [rax]   清空

  1721. {

  1723. byte code[3] = { 0x48, 0x31,0xc9 };

  1725. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1727. CodeLen = CodeLen + sizeof(code);

  1729. return ShellCode;

  1731. }



  1735. byte * xor_r8_r8()   // addss xmm0, dword ptr ds : [rax]   清空

  1737. {

  1739. byte code[3] = { 0x4d, 0x31,0xc0 };

  1741. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1743. CodeLen = CodeLen + sizeof(code);

  1745. return ShellCode;

  1747. }



  1751. byte * xor_r9_r9()   // addss xmm0, dword ptr ds : [rax]   清空

  1753. {

  1755. byte code[3] = { 0x4d, 0x31,0xc9 };

  1757. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1759. CodeLen = CodeLen + sizeof(code);

  1761. return ShellCode;

  1763. }



  1767. byte * int3()   // addss xmm0, dword ptr ds : [rax]   清空

  1769. {

  1771. byte code[1] = { 0xcc };

  1773. RtlMoveMemory(ShellCode + CodeLen, &code, sizeof(code));

  1775. CodeLen = CodeLen + sizeof(code);

  1777. return ShellCode;

  1779. }



  1783. short WordToByteArray(short Value) //2字节整数转byte数组,网络转换

  1785. {

  1787. return htons(Value);

  1789. }



  1793. int intToByteArray(int Value) //4字节整数转byte数组,网络转换 ntohl应该也可以

  1795. {

  1797. return htonl(Value);

  1799. }



  1803. void ByteToHexStr(const unsigned char* source, char* dest, int sourceLen)//char*字符串转编码   备份函数

  1805. {

  1807. short i;

  1809. unsigned char highByte, lowByte;



  1813. for (i = 0; i < sourceLen; i++)

  1815. {

  1817. highByte = source[i] >> 4;

  1819. lowByte = source[i] & 0x0f;



  1823. highByte += 0x30;



  1827. if (highByte > 0x39)

  1829. dest[i * 2] = highByte + 0x07;

  1831. else

  1833. dest[i * 2] = highByte;



  1837. lowByte += 0x30;

  1839. if (lowByte > 0x39)

  1841. dest[i * 2 + 1] = lowByte + 0x07;

  1843. else

  1845. dest[i * 2 + 1] = lowByte;

  1847. }

  1849. return;

  1851. }



  1855. bool HexToString(unsigned char *pSrc, std::string &dest, int nL) //char[]字节数组转->字符串

  1857. {

  1859. char buf[256];



  1863. memset((char *)buf, 0, sizeof(buf));



  1867. unsigned char hb;

  1869. unsigned char lb;



  1873. for (int i = 0; i < nL; i++)

  1875. {

  1877. hb = (pSrc[i] & 0xf0) >> 4;



  1881. if (hb >= 0 && hb <= 9)

  1883. hb += 0x30;

  1885. else if (hb >= 10 && hb <= 15)

  1887. hb = hb - 10 + 'A';

  1889. else

  1891. return false;



  1895. lb = pSrc[i] & 0x0f;

  1897. if (lb >= 0 && lb <= 9)

  1899. lb += 0x30;

  1901. else if (lb >= 10 && lb <= 15)

  1903. lb = lb - 10 + 'A';

  1905. else

  1907. return false;



  1911. buf[i * 2] = hb;

  1913. buf[i * 2 + 1] = lb;

  1915. }

  1917. dest = buf;

  1919. return true;

  1921. }



  1925. bool StringToHex(std::string &src, unsigned char *dest)////字符串====字节数组

  1927. {

  1929. unsigned char hb;

  1931. unsigned char lb;



  1935. if (src.size() % 2 != 0)

  1937. return false;



  1941. transform(src.begin(), src.end(), src.begin(), toupper);



  1945. for (int i = 0, j = 0; i < (int)src.size(); i++)

  1947. {

  1949. hb = src[i];

  1951. if (hb >= 'A' && hb <= 'F')

  1953. hb = hb - 'A' + 10;

  1955. else if (hb >= '0' && hb <= '9')

  1957. hb = hb - '0';

  1959. else

  1961. return false;



  1965. i++;

  1967. lb = src[i];

  1969. if (lb >= 'A' && lb <= 'F')

  1971. lb = lb - 'A' + 10;

  1973. else if (lb >= '0' && lb <= '9')

  1975. lb = lb - '0';

  1977. else

  1979. return false;

  1981. dest[j++] = (hb << 4) | (lb);

  1983. }

  1985. return true;
  1986. }

复制代码

回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

龙马谷| C/C++辅助教程| 安卓逆向安全| 论坛导航| 免责申明|Archiver|
拒绝任何人以任何形式在本论坛发表与中华人民共和国法律相抵触的言论,本站内容均为会员发表,并不代表龙马谷立场!
任何人不得以任何方式翻录、盗版或出售本站视频,一经发现我们将追究其相关责任!
我们一直在努力成为最好的编程论坛!
Copyright© 2018-2021 All Right Reserved.
关闭

会员办理

售后客服

技术支持

工作时间:9:00-22:00

在线客服
快速回复 返回顶部 返回列表