
Commit 288d1be

author
dude719
committed
64 convention fixing
1 parent 684e97d commit 288d1be


2 files changed

+58
-93
lines changed


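--- a/Injectora/CRemoteCode.cpp
+++ b/Injectora/CRemoteCode.cpp
@@ -109,7 +109,6 @@ void CRemoteCode::PushCall(calling_convention_t cconv, FARPROC CallAddress)
 if (!m_bIs64bit && iFunctionBegin == 0)
 {
 PushCall(CCONV_STDCALL, CallAddress); // is actually a stdcall
-
 return;
 }
 else if (!m_bIs64bit && iFunctionBegin == 1)
@@ -127,112 +126,78 @@ void CRemoteCode::PushCall(calling_convention_t cconv, FARPROC CallAddress)
 }
 else // fastcall
 {
-if (m_bIs64bit && iFunctionBegin > 0) // 64 bit
+if (m_bIs64bit) // 64 bit
 {
-//#ifdef _DEBUG
-//AddByteToBuffer(0xCC); // debug INT3 opcode
-//#endif
+/* First things first. 64 bit mandatory "shadow" space of at least 32 bytes for EVERY call */
+/* Stack is 8 byte aligned. Every other param after rcx, rdx, r8, and r9, */
+/* should be pushed onto the stack */
+
+// sub rsp, 0x20
+AddByteToBuffer(0x48);
+AddByteToBuffer(0x83);
+AddByteToBuffer(0xEC);
+AddByteToBuffer(0x20);
 
-if (m_CurrentInvokeInfo.params[0].pparam)
+if (iFunctionBegin > 0)
 {
-if (m_CurrentInvokeInfo.params[0].ptype == PARAMETER_TYPE_INT64)
+if (m_CurrentInvokeInfo.params[0].pparam)
 {
 unsigned __int64 ulRcxParam = *(unsigned __int64*)m_CurrentInvokeInfo.params[0].pparam; // rcx param
-
-// mov rcx, ulRcxParam
-// push rcx
+// mov rcx, ulRcxParam
 AddByteToBuffer(0x48);
-AddByteToBuffer(0xB9); // mov rcx,
-AddLong64ToBuffer(ulRcxParam); // ulRcxParam
-AddByteToBuffer(0x51); // push rcx
-}
-else if (m_CurrentInvokeInfo.params[0].ptype == PARAMETER_TYPE_INT)
-{
-unsigned long ulRcxParam = *(unsigned long*)m_CurrentInvokeInfo.params[0].pparam; // rcx param
-// mov ecx, ulRcxParam
-// push rcx
-AddByteToBuffer(0xB9); // mov ecx,
-AddLongToBuffer(ulRcxParam); // ulRcxParam
-AddByteToBuffer(0x68); // push
-AddLongToBuffer(ulRcxParam); // ulRcxParam
-//AddByteToBuffer(0x51); // push rcx
-}
-
-// erase rcx param
-m_CurrentInvokeInfo.params.erase(m_CurrentInvokeInfo.params.begin());
-
-if (m_CurrentInvokeInfo.params.size() > 0)
-{
-if (m_CurrentInvokeInfo.params[0].pparam)
+AddByteToBuffer(0xB9); // mov rcx, ulRcxParam
+AddLong64ToBuffer(ulRcxParam); //
+
+// erase rcx param
+m_CurrentInvokeInfo.params.erase(m_CurrentInvokeInfo.params.begin());
+
+if (m_CurrentInvokeInfo.params.size() > 0)
 {
-if (m_CurrentInvokeInfo.params[0].ptype == PARAMETER_TYPE_INT64)
+if (m_CurrentInvokeInfo.params[0].pparam)
 {
 unsigned __int64 ulRdxParam = *(unsigned __int64*)m_CurrentInvokeInfo.params[0].pparam; // rdx param
-
-// mov rdx, ulRdxParam
-// push rdx
+// mov rdx, ulRdxParam
 AddByteToBuffer(0x48);
-AddByteToBuffer(0xBA); // mov rdx,
-AddLong64ToBuffer(ulRdxParam); // ulRdxParam
-AddByteToBuffer(0x52); // push rdx
-}
-else if (m_CurrentInvokeInfo.params[0].ptype == PARAMETER_TYPE_INT)
-{
-unsigned long ulRdxParam = *(unsigned long*)m_CurrentInvokeInfo.params[0].pparam; // rdx param
-// mov edx, ulRcxParam
-// push rdx
-AddByteToBuffer(0xBA); // mov edx,
-AddLongToBuffer(ulRdxParam); // ulRdxParam
-AddByteToBuffer(0x68); // push
-AddLongToBuffer(ulRdxParam); // ulRdxParam
-//AddByteToBuffer(0x52); // push rdx
-}
-
-// erase rdx param
-m_CurrentInvokeInfo.params.erase(m_CurrentInvokeInfo.params.begin());
-
-if (m_CurrentInvokeInfo.params.size() > 0)
-{
-if (m_CurrentInvokeInfo.params[0].pparam)
+AddByteToBuffer(0xBA); // mov rdx, ulRdxParam
+AddLong64ToBuffer(ulRdxParam); //
+
+// erase rdx param
+m_CurrentInvokeInfo.params.erase(m_CurrentInvokeInfo.params.begin());
+
+if (m_CurrentInvokeInfo.params.size() > 0)
 {
-if (m_CurrentInvokeInfo.params[0].ptype == PARAMETER_TYPE_INT64)
+if (m_CurrentInvokeInfo.params[0].pparam)
 {
 unsigned __int64 ulR8Param = *(unsigned __int64*)m_CurrentInvokeInfo.params[0].pparam; // r8 param
-// mov r8, ulR8Param
-// push r8
+// mov r8, ulR8Param
 AddByteToBuffer(0x49);
-AddByteToBuffer(0xB8); // mov r8,
-AddLong64ToBuffer(ulR8Param); // ulR8Param
-AddByteToBuffer(0x41); // push r8
-AddByteToBuffer(0x50); //
-}
+AddByteToBuffer(0xB8); // mov r8, ulR8Param
+AddLong64ToBuffer(ulR8Param); //
 
-// erase r8 param
-m_CurrentInvokeInfo.params.erase(m_CurrentInvokeInfo.params.begin());
+// erase r8 param
+m_CurrentInvokeInfo.params.erase(m_CurrentInvokeInfo.params.begin());
 
-if (m_CurrentInvokeInfo.params.size() > 0)
-{
-if (m_CurrentInvokeInfo.params[0].pparam)
+if (m_CurrentInvokeInfo.params.size() > 0)
 {
-unsigned __int64 ulR9Param = *(unsigned __int64*)m_CurrentInvokeInfo.params[0].pparam; // r9 param
-// mov r9, ulR9Param
-// push r9
-AddByteToBuffer(0x49);
-AddByteToBuffer(0xB9); // mov r9,
-AddLong64ToBuffer(ulR9Param); // ulR9Param
-AddByteToBuffer(0x41); // push r9
-AddByteToBuffer(0x51); //
-
-// erase r9 param
-m_CurrentInvokeInfo.params.erase(m_CurrentInvokeInfo.params.begin());
-
-} // ulR9Param
-}
-} // ulR8Param
-}
-} // ulRdxParam
-}
-} // ulRcxParam
+if (m_CurrentInvokeInfo.params[0].pparam)
+{
+unsigned __int64 ulR9Param = *(unsigned __int64*)m_CurrentInvokeInfo.params[0].pparam; // r9 param
+// mov r9, ulR9Param
+AddByteToBuffer(0x49);
+AddByteToBuffer(0xB9); // mov r9, ulR9Param
+AddLong64ToBuffer(ulR9Param); //
+
+// erase r9 param
+m_CurrentInvokeInfo.params.erase(m_CurrentInvokeInfo.params.begin());
+
+} // ulR9Param
+}
+} // ulR8Param
+}
+} // ulRdxParam
+}
+} // ulRcxParam
+}
 }
 else // 32 bit
 {
@@ -253,8 +218,8 @@ void CRemoteCode::PushCall(calling_convention_t cconv, FARPROC CallAddress)
 
 if (m_bIs64bit)
 {
-//mov rax, calladdress
-//call rax
+// mov rax, calladdress
+// call rax
 AddByteToBuffer(0x48);
 AddByteToBuffer(0xB8); //mov rax,
 AddLong64ToBuffer(m_CurrentInvokeInfo.calladdress); // calladdress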
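Review bot: The new register-loading code in the second hunk reads every argument as 8 bytes (`*(unsigned __int64*)m_CurrentInvokeInfo.params[0].pparam`) but no longer consults `ptype`, so a parameter queued with the 4-byte INT type — which the removed `PARAMETER_TYPE_INT` branches used to read with `*(unsigned long*)` — is now read 4 bytes past its storage and its upper half comes from whatever sits next to it in the injector's memory. Either restore the width check before each load, e.g. `unsigned __int64 ulRcxParam = (m_CurrentInvokeInfo.params[0].ptype == PARAMETER_TYPE_INT64) ? *(unsigned __int64*)m_CurrentInvokeInfo.params[0].pparam : *(unsigned long*)m_CurrentInvokeInfo.params[0].pparam;`, or reject non-INT64 parameters on the 64-bit path. The added comment also says `Stack is 8 byte aligned`, but the x64 ABI requires RSP to be 16-byte aligned at the `call`; if this buffer is entered as a thread start routine the pushed return address leaves RSP at 8 mod 16, so `sub rsp, 0x20` leaves it misaligned and callees that do aligned SSE stores to the stack will fault — `sub rsp, 0x28` is the usual fix, and no matching `add rsp` is visible in these hunks. Arguments beyond the fourth are also left in `params` with nothing emitting them, despite the comment saying they should be pushed. PushCall's body continues outside the hunks.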

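--- a/Injectora/CRemoteLoader.cpp
+++ b/Injectora/CRemoteLoader.cpp
@@ -721,7 +721,7 @@ BOOL CRemoteLoader::CallEntryPoint(void* BaseAddress, FARPROC Entrypoint)
 if (m_bIs64bit)
 {
 PushInt64((unsigned __int64)BaseAddress);
-PushInt(DLL_PROCESS_ATTACH);
+PushInt64(DLL_PROCESS_ATTACH);
 PushInt64(0x00);
 PushCall(CCONV_FASTCALL, Entrypoint);
 }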
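Review bot: The switch to `PushInt64` for `DLL_PROCESS_ATTACH` deserves a why-comment, since a reader otherwise sees a DWORD argument being widened for no visible reason; something like `// x64 PushCall loads each register argument as a full 8 bytes, so queue DWORD args as int64` would capture it. If other 64-bit call sites still use `PushInt`, they presumably have the same width mismatch, which is better fixed once inside PushCall than per caller. CallEntryPoint's body continues outside the hunk.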
