我正在尝试在 Windows 10 64 位上使用 fasm 执行 x86 汇编的第一步。为此,我使用了这个 hello world 代码
format pe64 console
entry start
STD_OUTPUT_HANDLE = -11
section '.text' code readable executable
start:
sub rsp, 8*7
mov rcx, STD_OUTPUT_HANDLE
call [GetStdHandle]
mov rcx, rax
lea rdx, [message]
mov r8d, message_length
lea r9, [rsp+4*8]
mov qword[rsp+4*8], 0
call [WriteFile]
mov ecx, eax
call [ExitProcess]
section '.data' data readable writeable
message db 'Hello World!',0
message_length = $ - message
section '.idata' import data readable writeable
dd 0,0,0,RVA kernel_name,RVA kernel_table
dd 0,0,0,0,0
kernel_table:
ExitProcess dq RVA _ExitProcess
GetStdHandle dq RVA _GetStdHandle
WriteFile dq RVA _WriteFile
dq 0
kernel_name db 'KERNEL32.DLL',0
user_name db 'USER32.DLL',0
_ExitProcess db 0,0,'ExitProcess',0
_GetStdHandle db 0,0,'GetStdHandle',0
_WriteFile db 0,0,'WriteFile',0
打印“Hello World!”。
然后我尝试使用一些宏并将代码更改为
include 'win64ax.inc'
STD_OUTPUT_HANDLE = -11
.code
start:
sub rsp, 8*6
mov rcx, STD_OUTPUT_HANDLE
call [GetStdHandle]
mov rcx, rax
lea rdx, [message]
mov r8d, message_length
lea r9, [rsp+4*8]
mov qword[rsp+4*8], 0
call [WriteFile]
mov ecx, eax
call [ExitProcess]
.end start
section '.data' data readable writeable
message db 'Hello World!',0
message_length = $ - message
但是,现在执行时不会打印任何内容。当我比较 x64dbg 中的反汇编时,它看起来并没有那么不同。工作:
sub rsp,38
mov rcx,FFFFFFFFFFFFFFF5
call qword ptr ds:[<GetStdHandle>]
mov rcx,rax
lea rdx,qword ptr ds:[402000]
mov r8d,D
lea r9,qword ptr ss:[rsp+20]
mov qword ptr ss:[rsp+20],0
call qword ptr ds:[<WriteFile>]
mov ecx,eax
call qword ptr ds:[<ExitProcess>]
并且不工作:
sub rsp,8
sub rsp,30
mov rcx,FFFFFFFFFFFFFFF5
call qword ptr ds:[<GetStdHandle>]
mov rcx,rax
lea rdx,qword ptr ds:[403000]
mov r8d,D
lea r9,qword ptr ss:[rsp+20]
mov qword ptr ss:[rsp+20],0
call qword ptr ds:[<WriteFile>]
mov ecx,eax
call qword ptr ds:[<ExitProcess>]
唯一的区别就在这里
lea rdx,qword ptr ds:[403000]
我的宏使用代码有什么问题?
开头的
format pe64 consoleGetStdHandlerax中返回
0。