x64相关文档:
0.环境
编译器:ml64.exe
链接器:link.exe
cmd选择:这个不要选兼容,不然link不过,不需要配置环境bi
1.32位和64位的区别:
1.eax赋值为1,64位的高32位自动补0
mov eax, ffffffff
rax = 0x00000000ffffffff
mov eax,1
add rax,rax
2
2
1
mov eax,1
2
add rax,rax
3.64位汇编中声明和定义时都不需要写参数了,64位汇编只需写区,定义变量就好
4.关于抬栈一般按模16,
1.比如传4个参数,正常是4*8=0x20,加上call的反回值寄存器0x20+8,不能模16,+8=0x30,能模16,
MyAdd proc
sub rsp, 28h
mov [rsp+30h], ecx ;原本第一个参数地址该是rsp+8h,再加28h,变成rsp+30h
mov [rsp+38h], edx
mov eax, ecx
add eax, edx
add rsp, 28h
ret
MyAdd endp
9
9
1
MyAdd proc
2
sub rsp, 28h
3
mov [rsp+30h], ecx ;原本第一个参数地址该是rsp+8h,再加28h,变成rsp+30h
4
mov [rsp+38h], edx
5
mov eax, ecx
6
add eax, edx
7
add rsp, 28h
8
ret
9
MyAdd endp
2.多于4个参数的 函数内存结构 mov 【rsp+20h】xx
2.64位HelloWord
extern MessageBoxA:proc
extern ExitProcess:proc
includelib user32.lib
includelib kernel32.lib
MB_OK EQU 0
.const
_MSG:
db "Hello x64!", 0dh, 0ah, 0
_TITLE:
db "Title", 0
.data
_BUFF: org 260
.code
START proc
sub rsp, 28h ;нц┴З┐Н╝С sup rsp add rsp
mov rcx, 0
mov rdx, offset _MSG
mov r8, offset _TITLE
mov r9, MB_OK
call MessageBoxA
mov rcx, 0
call ExitProcess
add rsp, 28h
ret
START endp
end
1
46
1
2
3
extern MessageBoxA:proc
4
extern ExitProcess:proc
5
6
includelib user32.lib
7
includelib kernel32.lib
8
9
MB_OK EQU 0
10
11
.const
12
_MSG:
13
db "Hello x64!", 0dh, 0ah, 0
14
_TITLE:
15
db "Title", 0
16
17
.data
18
_BUFF: org 260
19
20
21
22
.code
23
24
25
26
27
START proc
28
sub rsp, 28h ;нц┴З┐Н╝С sup rsp add rsp
29
30
31
32
mov rcx, 0
33
mov rdx, offset _MSG
34
mov r8, offset _TITLE
35
mov r9, MB_OK
36
call MessageBoxA
37
38
mov rcx, 0
39
call ExitProcess
40
add rsp, 28h
41
ret
42
START endp
43
44
end
45
46
3.编译链接的批处理
ml64 /c hello.asm
link64 /SUBSYSTEM:WINDOWS /ENTRY:START /MACHINE:ARM hello.obj rc2.res
ml64 /c Hello.asm
link /subsystem:windows /entry:Main Hello.obj
1
ml64 /c hello.asm
2
link64 /SUBSYSTEM:WINDOWS /ENTRY:START /MACHINE:ARM hello.obj rc2.res
3
4
ml64 /c Hello.asm
5
link /subsystem:windows /entry:Main Hello.obj