From feffc7263bb2fd33ae467de2dd51f1ddbbb1b895 Mon Sep 17 00:00:00 2001
From: midipix
Date: Fri, 8 May 2015 23:22:07 -0400
Subject: initial commit.
---
include/pemagine/bits/nt64/pe_inline_asm__gcc.h | 87 ++++++++++++++++++++++++
include/pemagine/bits/nt64/pe_inline_asm__msvc.h | 58 ++++++++++++++++
2 files changed, 145 insertions(+)
create mode 100644 include/pemagine/bits/nt64/pe_inline_asm__gcc.h
create mode 100644 include/pemagine/bits/nt64/pe_inline_asm__msvc.h
(limited to 'include/pemagine/bits/nt64')
diff --git a/include/pemagine/bits/nt64/pe_inline_asm__gcc.h b/include/pemagine/bits/nt64/pe_inline_asm__gcc.h
new file mode 100644
index 0000000..94d4e34
--- /dev/null
+++ b/include/pemagine/bits/nt64/pe_inline_asm__gcc.h
@@ -0,0 +1,87 @@
+static __inline__ void * pe_get_teb_address(void)
+{
+ void * ptrRet;
+ __asm__ __volatile__ (
+ "mov %%gs:0x30, %0\n\t"
+ : "=r" (ptrRet) : :
+ );
+ return ptrRet;
+}
+
+
+static __inline__ void * pe_get_peb_address(void)
+{
+ void * ptrRet;
+ __asm__ __volatile__ (
+ "mov %%gs:0x60, %0\n\t"
+ : "=r" (ptrRet) : :
+ );
+ return ptrRet;
+}
+
+
+static __inline__ void * pe_get_peb_address_alt(void)
+{
+ void * ptrRet;
+ __asm__ __volatile__ (
+ "mov %%gs:0x60, %0\n\t"
+ : "=r" (ptrRet) : :
+ );
+ return ptrRet;
+}
+
+
+static __inline__ void * pe_get_peb_ldr_data_address(void)
+{
+ void * ptrRet;
+ __asm__ __volatile__ (
+ "mov %%gs:0x60, %0\n\t"
+ "mov %%ds:0x18(%0), %0\n\t"
+ : "=r" (ptrRet) : :
+ );
+ return ptrRet;
+}
+
+
+static __inline__ void * pe_get_peb_ldr_data_address_alt(void)
+{
+ void * ptrRet;
+ __asm__ __volatile__ (
+ "mov %%gs:0x60, %0\n\t"
+ "mov %%ds:0x18(%0), %0\n\t"
+ : "=r" (ptrRet) : :
+ );
+ return ptrRet;
+}
+
+
+static __inline__ uint32_t pe_get_current_process_id(void)
+{
+ uint32_t ptrRet;
+ __asm__ __volatile__ (
+ "mov %%gs:0x40, %0\n\t"
+ : "=r" (ptrRet) : :
+ );
+ return ptrRet;
+}
+
+static __inline__ uint32_t pe_get_current_thread_id(void)
+{
+ uint32_t ptrRet;
+ __asm__ __volatile__ (
+ "mov %%gs:0x48, %0\n\t"
+ : "=r" (ptrRet) : :
+ );
+ return ptrRet;
+}
+
+static __inline__ uint32_t pe_get_current_session_id(void)
+{
+ uint32_t ptrRet;
+ __asm__ __volatile__ (
+ "mov %%gs:0x60, %0\n\t"
+ "mov %%ds:0x2c0(%0), %0\n\t"
+ : "=r" (ptrRet) : :
+ );
+ return ptrRet;
+}
diff --git a/include/pemagine/bits/nt64/pe_inline_asm__msvc.h b/include/pemagine/bits/nt64/pe_inline_asm__msvc.h
new file mode 100644
index 0000000..e83d587
--- /dev/null
+++ b/include/pemagine/bits/nt64/pe_inline_asm__msvc.h
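Review bot: In include/pemagine/bits/nt64/pe_inline_asm__gcc.h, `pe_get_current_session_id` declares its only asm operand as `uint32_t`, so GCC will most likely substitute a 32-bit register for `%0` in both instructions. The first `mov` then loads only the low 32 bits of the PEB pointer from `%gs:0x60`, and the second dereferences that truncated address. On x64 the PEB can sit above 4 GiB, in which case this reads from the wrong location or faults; the MSVC variant in this commit does a full 64-bit read before the 32-bit load. Keep the pointer in a pointer-sized object, for example `return *(uint32_t *)((char *)pe_get_peb_address() + 0x2c0);`. The `ptrRet` name on the three `uint32_t` readers is also misleading, because the value is not a pointer.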
@@ -0,0 +1,58 @@
+#include
+
+unsigned __int64 __readgsqword(unsigned long);
+
+static __inline__ void * pe_get_teb_address(void)
+{
+ return (void *)__readgsqword(0x30);
+}
+
+
+static __inline__ void * pe_get_peb_address(void)
+{
+ return (void *)__readgsqword(0x60);
+}
+
+
+static __inline__ void * pe_get_peb_address_alt(void)
+{
+ return (void *)__readgsqword(0x60);
+}
+
+
+static __inline__ void * pe_get_peb_ldr_data_address(void)
+{
+ char * rsi;
+
+ rsi = (char *)__readgsqword(0x60);
+ rsi += 0x18;
+
+ return *(void **)rsi;
+}
+
+
+static __inline__ void * pe_get_peb_ldr_data_address_alt(void)
+{
+ return pe_get_peb_ldr_data_address();
+}
+
+
+static __inline__ uint32_t pe_get_current_process_id(void)
+{
+ return (uint32_t)__readgsqword(0x40);
+}
+
+static __inline__ uint32_t pe_get_current_thread_id(void)
+{
+ return (uint32_t)__readgsqword(0x48);
+}
+
+static __inline__ uint32_t pe_get_current_session_id(void)
+{
+ char * rsi;
+
+ rsi = (char *)__readgsqword(0x60);
+ rsi += 0x2c0;
+
+ return *(uint32_t *)rsi;
+}
-- cgit v1.2.3
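Review bot: The TEB/PEB offsets in include/pemagine/bits/nt64/pe_inline_asm__msvc.h (`0x30`, `0x60`, `0x18`, `0x40`, `0x48`, `0x2c0`) are bare magic numbers with no comment naming the field each one reads, and the same holds for the GCC header in this commit. Because these reads depend on the exact x64 structure layout, each accessor should carry a one-line comment, such as `/* TEB->ProcessEnvironmentBlock (x64 offset 0x60) */` on `pe_get_peb_address` and `/* PEB->SessionId (x64 offset 0x2c0) */` on `pe_get_current_session_id`, or the offsets should become named constants. Separately, `__inline__` is a GCC spelling; unless a macro defined outside this hunk maps it, MSVC would expect `__inline`.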