charme写的显示寄存器值[FASM]
;info
;;author:charme
;;index:http://hi.baidu.com/charme000
;;site:http://www.x64asm.com/
;;date:2010.1.8
format PE64 GUI
;;include
include 'C:\asm\tool\fasm\fasmw\INCLUDE\win64axp.inc'
;;data
.data
status db 'Status',0
reg db 'FLAGS: %.8X',13,10,'%s',13,10
db 'RAX: %.16IX',9,'R8: %.16IX',13,10
db 'RBX: %.16IX',9,'R9: %.16IX',13,10
db 'RCX: %.16IX',9,'R10: %.16IX',13,10
db 'RDX: %.16IX',9,'R11: %.16IX',13,10
db 'RSP: %.16IX',9,'R12: %.16IX',13,10
db 'RBP: %.16IX',9,'R13: %.16IX',13,10
db 'RSI: %.16IX',9,'R14: %.16IX',13,10
db 'RDI: %.16IX',9,'R15: %.16IX',13,10
db 'RIP: %.16IX',13,10,0
buff rb 1024
flag dd ?
.code
start:
sub rsp,4*8
jmp print
;jmp print
;jmp print
;;exit
add rsp,4*8
xor rcx,rcx
call
print:
pushf
push qword ;;return address
push r15
push rdi
push r14
push rsi
push r13
push rbp
push r12
push rsp
push r11
push rdx
push r10
push rcx
push r9
push rbx
push r8
push rax ;;we have push 17*8 xx
mov r8,;;3th arg
;;create stack for wsprintf
sub rsp,4*8
;;push arrgs
lea rcx,;;1th arg
lea rdx, ;;2th arg
lea r9, ;;4th arg
call
;;msgbox
xor rcx,rcx
lea rdx,
lea r8,
xor r9,r9
call
;;recover stack
add rsp,4*8
;;pop
pop rax
pop r8
pop rbx
pop r9
pop rcx
pop r10
pop rdx
pop r11
pop rsp
pop r12
pop rbp
pop r13
pop rsi
pop r14
pop rdi
pop r15
pop qword
popf
.end start
charme先生貌似很久没来了。
好贴顶一下 我也來推一下 好贴需要顶 上面所列的code有bug,在显示完register value会,程序会提法非法操作,被WIN OS阻止.我这里重新改写了一下,现在,一切都好了..:){:soso_e100:}
请参见下列代码:
; Example of 64-bit PE program
format PE64 GUI
entry start
include 'WIN64A.INC'
section '.text' code readable executable
start:
sub rsp, 8
invoke wsprintf, szTemp, "PE64 Demo: %s", _message
invoke MessageBoxA, 0, szTemp, _caption, 0
;Showing registers.
pushf
pop rax
lea r15,
invoke wsprintf, szTemp, RegStr, rax, rax, r8, rbx, r9, rcx, r10, rdx, r11, rsp, r12, rbp, r13, rsi, r14, rdi, r15, r15
invoke MessageBoxA, 0, szTemp, _caption, 0
mov rcx,rax
;call
invoke ExitProcess
section '.data' data readable writeable
_caption db 'Win64 assembly program',0
_message db 'Hello World!- Kenneth Zheng',0
szTemp rb 1000
RegStr db 'FLAGS: %.8X',13,10
db 'RAX: %.16IX',9,'R8: %.16IX',13,10
db 'RBX: %.16IX',9,'R9: %.16IX',13,10
db 'RCX: %.16IX',9,'R10: %.16IX',13,10
db 'RDX: %.16IX',9,'R11: %.16IX',13,10
db 'RSP: %.16IX',9,'R12: %.16IX',13,10
db 'RBP: %.16IX',9,'R13: %.16IX',13,10
db 'RSI: %.16IX',9,'R14: %.16IX',13,10
db 'RDI: %.16IX',9,'R15: %.16IX',13,10
db 'RIP: %.16IX',13,10,0
section '.idata' import data readable writeable
dd 0,0,0,RVA kernel_name,RVA kernel_table
dd 0,0,0,RVA user_name,RVA user_table
dd 0,0,0,0,0
kernel_table:
ExitProcess dq RVA _ExitProcess
dq 0
user_table:
MessageBoxA dq RVA _MessageBoxA
wsprintf dq RVA _wsprintfA
dq 0
kernel_name db 'KERNEL32.DLL',0
user_name db 'USER32.DLL',0
_ExitProcess dw 0
db 'ExitProcess',0
_MessageBoxA dw 0
db 'MessageBoxA',0
_wsprintfA dw 0
db 'wsprintfA',0
页:
[1]