调用门测试(三) 参数传递

2018-3-18 流沙 保护模式学习总结

0x001 设置环境

eq 8003f048 0040EC03`00081030


0x002 测试代码

#include <windows.h>
#include <stdio.h>

/*
 * Capture slots for the three call-gate parameters.
 * GateProc stores into them by symbol name from inline assembly and
 * PrintRegister reads them back after the far call returns.
 * File-scope objects are zero-initialised; the initialisers only make
 * that explicit.
 */
DWORD x = 0;	/* receives [esp+0x24+0x8+0x8] in GateProc */
DWORD y = 0;	/* receives [esp+0x24+8+4] in GateProc */
DWORD z = 0;	/* receives [esp+0x24+8+0] in GateProc */

/*
 * GateProc - call-gate target that copies the three DWORD parameters
 * pushed by main() into the globals x, y and z.
 *
 * It is entered through the far call `call fword ptr[buff]` in main(),
 * not through an ordinary C call. The gate descriptor the page installs,
 * 0040EC03`00081030, decodes as: target offset 0x00401030, target
 * selector 0x0008, present, DPL 3, type 0xC (32-bit call gate),
 * parameter count 3.
 *
 * NOTE(review): 0x00401030 is presumably the address of GateProc in the
 * author's build. It is hard-coded in the descriptor, so check it against
 * the symbol address after every rebuild; the gate transfers control to
 * whatever is at that offset.
 * NOTE(review): DPL 3 means any ring-3 code on the machine can call
 * through the gate while the descriptor is installed; selector 0x0008 is
 * presumably the ring-0 code segment on the author's system - confirm.
 *
 * __declspec(naked) makes the compiler emit no prologue or epilogue, so
 * the routine saves and restores registers itself and returns with retf.
 */
void __declspec(naked) GateProc()
{
	__asm{
		// Save the caller's registers and flags: pushad stores 8 DWORDs
		// (0x20 bytes) and pushfd 4 more, so the frame written by the far
		// call now starts at esp+0x24.
		pushad
		pushfd

		// Frame at esp+0x24: return EIP, return CS (the "+8" skips both),
		// then the copied parameters, last-pushed first:
		//   +8+0 -> 3rd push, +8+4 -> 2nd push, +8+8 -> 1st push.
		// With main() pushing 1, 2, 3 this yields x=1, y=2, z=3.
		mov eax,[esp+0x24+0x8+0x8]
		mov DWORD ptr ds:[x],eax
		mov eax,[esp+0x24+8+4]
		mov DWORD ptr ds:[y],eax
		mov eax,[esp+0x24+8+0]
		mov DWORD ptr ds:[z],eax

		// Restore in reverse order so esp again points at the return EIP.
		popfd
		popad

		// Far return that also discards 0xC bytes = 3 DWORD parameters.
		// The immediate must equal 4 * the gate's parameter count.
		retf 0xC  // balance the stack; getting this wrong causes a blue screen
	}
}

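/*
 * PrintRegister - print the three values captured by GateProc (the
 * globals x, y and z) in hexadecimal on one line.
 *
 * Despite the name, this prints the captured call-gate parameters, not
 * CPU registers.
 */
void PrintRegister()
{
	/*
	 * DWORD is an unsigned long in the Windows headers, so "%x" (which
	 * expects unsigned int) is a format/argument mismatch. Use "%lx" with
	 * explicit casts; the printed text is unchanged.
	 */
	printf("%lx %lx %lx \n",
	       (unsigned long)x, (unsigned long)y, (unsigned long)z);
}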


/*
 * main - builds a 6-byte far pointer that names the call-gate selector,
 * pushes three parameters, far-calls through the gate, then prints the
 * values GateProc captured.
 *
 * Preconditions (set up outside this program, per the page): the gate
 * descriptor has been written with `eq 8003f048 ...`, its target offset
 * matches this build's GateProc, and its parameter count is 3.
 */
int main(int argc, char* argv[])
{
	// Two no-op instructions; their purpose is not stated on the page
	// (presumably a marker or padding - confirm).
	_asm{
		mov eax,eax
		mov eax,eax
	}
	// Far pointer operand for the call: 4-byte offset followed by a
	// 2-byte selector.
	char buff[6];
	// Offset part. For a call-gate selector the CPU takes the target from
	// the gate descriptor and ignores this value, so it is a placeholder.
	*(DWORD*)&buff[0]=0x12345678;
	// Selector 0x48 = index 9, TI=0 (GDT), RPL 0. Index 9 * 8 = 0x48, which
	// matches the descriptor address 8003f048 if the GDT base is 8003f000
	// (assumed from the page's `eq` command - confirm on the target).
	// NOTE(review): both stores type-pun a char array through casts; this
	// relies on the compiler and x86 tolerating it and is not portable C.
	*(WORD*)&buff[4] = 0x48;

	__asm
	{
		// Three DWORD parameters; the count must equal the gate's
		// parameter count (3) and GateProc's `retf 0xC`.
		push 1
		push 2
		push 3
		// Far call through the gate; GateProc's retf 0xC removes the
		// parameters, so no stack cleanup follows here.
		call fword ptr[buff]
	}

	// Expected to show the pushed values in push order (1 2 3).
	PrintRegister();
	// Keep the console window open until a key is pressed.
	getchar();
	return 0;
}
