Exetools  

Go Back   Exetools > General > x64 OS
Reload this Page CodeCave in x64
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 03-30-2023, 23:38
RAMPage RAMPage is offline
Friend
  
Join Date: Mar 2023
Posts: 37
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 44
Thanks Rcvd at 16 Times in 9 Posts
RAMPage Reputation: 1
CodeCave in x64
Hello, I did 12 years ago redirecting the flow of execution was easy on a 32bit PE Executable, Change EP, to the code cave saving registers status executing code and then restoring them. In x64 i searching the way to.

Code:
hxxs://www.codeproject.com/Articles/20240/The-Beginners-Guide-to-Codecaves
The way to clear the registers, how I do this in x64? I was seeing PUSHAD and PUSHFD isnt in x64. Should I have to PUSH all registers and pop them off in x64?


Code:
x32

PUSHAD
PUSHFD
<CODE>
POPAD
POPFD
JMP Original Entry Point
Thanks
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT +8. The time now is 03:16.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2023 )