Hello, I did 12 years ago redirecting the flow of execution was easy on a 32bit PE Executable, Change EP, to the code cave saving registers status executing code and then restoring them. In x64 i searching the way to.
Code:
hxxs://www.codeproject.com/Articles/20240/The-Beginners-Guide-to-Codecaves
The way to clear the registers, how I do this in x64? I was seeing PUSHAD and PUSHFD isnt in x64. Should I have to PUSH all registers and pop them off in x64?
Code:
x32
PUSHAD
PUSHFD
<CODE>
POPAD
POPFD
JMP Original Entry Point
Thanks
