x64汇编第一课
x64相关文档:
0.环境
编译器:ml64.exe
链接器:link.exe
cmd选择:这个不要选兼容,不然link不过,不需要配置环境变量
1.32位和64位的区别:
1.eax赋值为1,64位的高32位自动补0
mov eax, 0FFFFFFFFh    (MASM 的十六进制字面量要以数字开头、以 h 结尾,写成 ffffffff 会被当成未定义符号)
rax = 0x00000000ffffffff
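; Demonstrates the x64 zero-extension rule: writing a 32-bit register (eax)
; clears bits 63..32 of the full register (rax).
mov eax, 1                  ; rax = 0x0000000000000001 (upper half cleared)
add rax, rax                ; rax = 2 -- no stale high bits contribute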
mov eax,1
add rax,rax
3.64位汇编中声明和定义时都不需要写参数了,64位汇编只需写区,定义变量就好
4.关于抬栈一般按模16,
1.比如传4个参数,正常是4*8=0x20,加上call压入的返回地址0x20+8,不能模16,再+8=0x30,能模16,
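;-----------------------------------------------------------------------
; int MyAdd(int a, int b)            -- returns a + b (32-bit)
; ABI:   Microsoft x64 (args in rcx, rdx; result in eax)
; In:    ecx = a, edx = b
; Out:   eax = a + b
; Clobb: eax, flags. rsp is restored before ret.
; Stack: on entry rsp % 16 == 8; sub rsp,28h makes it 16-aligned, as a
;        non-leaf function would need. MyAdd calls nothing, so the 28h
;        is not strictly required here but mirrors compiler output.
; Note:  the two stores below write into the CALLER's 32-byte home
;        (shadow) space, which the Microsoft x64 ABI obliges every caller
;        to reserve above the return address; they are valid only under
;        that ABI.
;-----------------------------------------------------------------------
MyAdd proc
    sub rsp, 28h                ; frame: 28h + 8 (return address) = 30h, 16-aligned
    mov [rsp+30h], ecx          ; arg1 home slot: [rsp+8] on entry, +28h -> [rsp+30h]
    mov [rsp+38h], edx          ; arg2 home slot: [rsp+10h] on entry -> [rsp+38h]
    mov eax, ecx
    add eax, edx                ; eax = a + b (wraps on 32-bit overflow, like C int)
    add rsp, 28h                ; balance the sub above
    ret
MyAdd endp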
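;-----------------------------------------------------------------------
; int MyAdd(int a, int b)            -- returns a + b (32-bit)
; ABI:   Microsoft x64 (args in rcx, rdx; result in eax)
; In:    ecx = a, edx = b
; Out:   eax = a + b
; Clobb: eax, flags. rsp is restored before ret.
; Stack: on entry rsp % 16 == 8; sub rsp,28h makes it 16-aligned, as a
;        non-leaf function would need. MyAdd calls nothing, so the 28h
;        is not strictly required here but mirrors compiler output.
; Note:  the two stores below write into the CALLER's 32-byte home
;        (shadow) space, which the Microsoft x64 ABI obliges every caller
;        to reserve above the return address; they are valid only under
;        that ABI.
;-----------------------------------------------------------------------
MyAdd proc
    sub rsp, 28h                ; frame: 28h + 8 (return address) = 30h, 16-aligned
    mov [rsp+30h], ecx          ; arg1 home slot: [rsp+8] on entry, +28h -> [rsp+30h]
    mov [rsp+38h], edx          ; arg2 home slot: [rsp+10h] on entry -> [rsp+38h]
    mov eax, ecx
    add eax, edx                ; eax = a + b (wraps on 32-bit overflow, like C int)
    add rsp, 28h                ; balance the sub above
    ret
MyAdd endp

2.多于4个参数的 函数内存结构 mov 【rsp+20h】xx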
2.64位HelloWorld
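; Imports resolved by the linker. Microsoft x64 ABI: integer args in
; rcx, rdx, r8, r9; caller reserves 32 bytes of shadow space per call.
extern MessageBoxA:proc
extern ExitProcess:proc
includelib user32.lib
includelib kernel32.lib

MB_OK EQU 0                         ; MessageBoxA uType: single OK button

.const                              ; read-only section: message text cannot be overwritten at run time
_MSG:
db "Hello x64!", 0dh, 0ah, 0        ; CRLF then NUL terminator (MessageBoxA expects a C string)
_TITLE:
db "Title", 0

.data
_BUFF db 260 dup(?)                 ; 260-byte uninitialised scratch buffer (size looks like MAX_PATH -- confirm).
                                    ; The original `org 260` only moved the location counter; it did not
                                    ; reserve storage, so any write through _BUFF had no backing bytes.

.code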
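;-----------------------------------------------------------------------
; START -- process entry point (link with /ENTRY:START); never returns.
; ABI:   Microsoft x64. Shows a message box, then terminates via ExitProcess.
; Stack: on entry rsp % 16 == 8. sub rsp,28h = 32 bytes of shadow space
;        (the callee may write to it) + 8 bytes of padding, so rsp is
;        16-byte aligned at both call sites.
; Clobb: rcx, rdx, r8, r9, rax and whatever the callees clobber (volatile regs).
;-----------------------------------------------------------------------
START proc
    sub rsp, 28h                ; shadow space + alignment; balanced by add rsp,28h below

    xor ecx, ecx                ; hWnd = NULL (32-bit write zeroes all of rcx)
    lea rdx, _MSG               ; lpText: RIP-relative address, no 64-bit absolute
    lea r8, _TITLE              ; lpCaption   relocation needed (mov r64, offset sym does)
    mov r9d, MB_OK              ; uType (zero-extended into r9)
    call MessageBoxA

    xor ecx, ecx                ; uExitCode = 0
    call ExitProcess            ; terminates the process; control does not come back

    add rsp, 28h                ; not reached in practice; kept so the frame stays balanced
    ret
START endp
end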
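; Imports resolved by the linker. Microsoft x64 ABI: integer args in
; rcx, rdx, r8, r9; caller reserves 32 bytes of shadow space per call.
extern MessageBoxA:proc
extern ExitProcess:proc
includelib user32.lib
includelib kernel32.lib

MB_OK EQU 0                         ; MessageBoxA uType: single OK button

.const                              ; read-only section: message text cannot be overwritten at run time
_MSG:
db "Hello x64!", 0dh, 0ah, 0        ; CRLF then NUL terminator (MessageBoxA expects a C string)
_TITLE:
db "Title", 0

.data
_BUFF db 260 dup(?)                 ; 260-byte uninitialised scratch buffer (size looks like MAX_PATH -- confirm).
                                    ; The original `org 260` only moved the location counter; it did not
                                    ; reserve storage, so any write through _BUFF had no backing bytes.

.code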
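;-----------------------------------------------------------------------
; START -- process entry point (link with /ENTRY:START); never returns.
; ABI:   Microsoft x64. Shows a message box, then terminates via ExitProcess.
; Stack: on entry rsp % 16 == 8. sub rsp,28h = 32 bytes of shadow space
;        (the callee may write to it) + 8 bytes of padding, so rsp is
;        16-byte aligned at both call sites.
; Clobb: rcx, rdx, r8, r9, rax and whatever the callees clobber (volatile regs).
;-----------------------------------------------------------------------
START proc
    sub rsp, 28h                ; shadow space + alignment; balanced by add rsp,28h below

    xor ecx, ecx                ; hWnd = NULL (32-bit write zeroes all of rcx)
    lea rdx, _MSG               ; lpText: RIP-relative address, no 64-bit absolute
    lea r8, _TITLE              ; lpCaption   relocation needed (mov r64, offset sym does)
    mov r9d, MB_OK              ; uType (zero-extended into r9)
    call MessageBoxA

    xor ecx, ecx                ; uExitCode = 0
    call ExitProcess            ; terminates the process; control does not come back

    add rsp, 28h                ; not reached in practice; kept so the frame stays balanced
    ret
START endp
end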
3.编译链接的批处理
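rem Assemble with the x64 MASM and link. ml64 emits an x64 object, so the
rem linker's /MACHINE switch must be X64; /MACHINE:ARM makes link fail with a
rem machine-type conflict. "link64" is not a standard tool name -- the x64
rem linker is link.exe from the x64 Native Tools prompt; confirm the name.
ml64 /c hello.asm
link64 /SUBSYSTEM:WINDOWS /ENTRY:START /MACHINE:X64 hello.obj rc2.res

rem Second project: entry symbol is Main rather than START.
ml64 /c Hello.asm
link /subsystem:windows /entry:Main Hello.obj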
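rem Assemble with the x64 MASM and link. ml64 emits an x64 object, so the
rem linker's /MACHINE switch must be X64; /MACHINE:ARM makes link fail with a
rem machine-type conflict. "link64" is not a standard tool name -- the x64
rem linker is link.exe from the x64 Native Tools prompt; confirm the name.
ml64 /c hello.asm
link64 /SUBSYSTEM:WINDOWS /ENTRY:START /MACHINE:X64 hello.obj rc2.res

rem Second project: entry symbol is Main rather than START.
ml64 /c Hello.asm
link /subsystem:windows /entry:Main Hello.obj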