Explain two methods to get the instruction pointer on x64. At least one of the methods must use RIP addressing.
RIP-relative addressing in x64 makes position-independent code much easier to write. Here is an example that gets the current instruction pointer:

    _getrip: lea rax, [rel _getrip + 0x7] ; rax now points to the instruction after this lea

By adding the offset 0x7 (the length of the 7-byte lea instruction itself), the effective address becomes the instruction after the load into RAX. If you are able to use null bytes, this can also be accomplished directly by placing the label after the lea:

    lea rax, [rel _getrip]
    _getrip: ; rax now points to this line

The second method does not use RIP addressing at all; it uses the stack: a call pushes its return address, and a pop retrieves it:

    call _getrip
    _getrip: pop rax ; rax = return address pushed by call = address of this pop
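Both methods in runnable form, as an added example written for this post (GCC/Clang inline asm, AT&T syntax, x86-64 System V; not code from the original post). The function names, the 14-byte delta between the two leas and the 256-byte "inside this function" span check are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Method 1: RIP-relative lea (GCC/Clang inline asm, AT&T syntax). A 64-bit
 * RIP-relative lea is always 7 bytes and its displacement is relative to the
 * next instruction, so disp -7 addresses the lea itself and disp 0 the
 * instruction after it (the +0x7 in the post's first snippet). */
__attribute__((noinline)) static void rip_via_lea(uintptr_t *lea_addr, uintptr_t *after_addr) {
    uintptr_t self, after;
    __asm__ volatile("lea -7(%%rip), %0\n\t" /* address of this lea */
                     "lea 0(%%rip), %1"      /* address of the instruction after it */
                     : "=r"(self), "=r"(after));
    *lea_addr = self;
    *after_addr = after; /* == self + 14: two consecutive 7-byte leas */
}

/* Method 2: call pushes the return address (the pop's own address), pop reads
 * it back. rsp is moved past the 128-byte System V red zone first so the push
 * cannot clobber this frame's red-zone locals. */
__attribute__((noinline)) static uintptr_t rip_via_call_pop(void) {
    uintptr_t rip;
    __asm__ volatile("sub $128, %%rsp\n\t"
                     "call 1f\n\t"
                     "1: pop %0\n\t" /* return address == address of this pop */
                     "add $128, %%rsp"
                     : "=r"(rip) : : "memory");
    return rip;
}

/* Does addr lie within the first span bytes of function fn? (assumed check) */
static int within_function(uintptr_t addr, const void *fn, size_t span) {
    return addr >= (uintptr_t)fn && addr - (uintptr_t)fn < span;
}

/* 1 if both lea results sit inside rip_via_lea and are exactly 14 bytes apart. */
static int check_lea_method(void) {
    uintptr_t lea, after;
    rip_via_lea(&lea, &after);
    return within_function(lea, (const void *)rip_via_lea, 256) && after == lea + 14;
}

/* 1 if the popped return address sits inside rip_via_call_pop. */
static int check_call_pop_method(void) {
    return within_function(rip_via_call_pop(), (const void *)rip_via_call_pop, 256);
}

int main(void) {
    printf("lea method ok: %d, call/pop method ok: %d\n", check_lea_method(), check_call_pop_method());
    return 0;
}
```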