pasm

Missing registers

Open wtfbbqhax opened this issue 10 years ago • 2 comments

Tried looking at some OSX x64 shellcode, and it choked on registers dil and sil.

According to a quick Google search, they are the lower 8 bits of rdi and rsi, respectively. An MSDN page

Looks like the reference materials (x86...xml's) did not outline these lower addressing registers (and I guess ultimately the problem), but it's also missing in yasm.y.

wtfbbqhax avatar Oct 21 '15 09:10 wtfbbqhax

dil, sil, bpl and spl are an interesting bunch. Just like r8b to r15b they are only available in 64-Bit Mode. But where ah, bh, ch and dh cannot be addressed in instructions that use a REX prefix, dil, sil, bpl and spl can only be addressed in such instructions.

SHyx0rmZ avatar Oct 21 '15 10:10 SHyx0rmZ
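The REX rule described in the comment above, as an added example (not pasm's code and not written by either commenter): a small encoder and decoder for `mov r/m8, r8` (opcode `88 /r`) in register-direct form, showing that the same ModRM byte names bh/dh without a REX prefix and dil/sil with one. The table and function names are assumptions made for this illustration.

```python
# Added illustration; table and function names are assumptions, not pasm's.
LEGACY = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]      # no REX prefix
WITH_REX = ["al", "cl", "dl", "bl", "spl", "bpl", "sil", "dil"] + \
           [f"r{n}b" for n in range(8, 16)]                      # REX present

HIGH_BYTE = {"ah", "ch", "dh", "bh"}     # unreachable once a REX prefix is present
NEEDS_REX = set(WITH_REX[4:])            # spl, bpl, sil, dil and r8b..r15b


def reg8_name(number, rex_present):
    """Decode a 4-bit register number (extension bit included) to a name."""
    if rex_present:
        return WITH_REX[number]
    if number > 7:
        raise ValueError("registers 8-15 need a REX prefix")
    return LEGACY[number]


def encode_mov_r8_r8(dst, src):
    """Encode `mov dst, src` (opcode 88 /r) for two 8-bit registers."""
    ops = {dst, src}
    rex = bool(ops & NEEDS_REX)
    if rex and ops & HIGH_BYTE:
        raise ValueError(f"cannot encode {dst},{src}: high-byte register with REX")
    table = WITH_REX if rex else LEGACY
    rm, reg = table.index(dst), table.index(src)   # ValueError on unknown names
    out = bytearray()
    if rex:
        # REX = 0100WRXB: R extends ModRM.reg, B extends ModRM.rm
        out.append(0x40 | ((reg >> 3) << 2) | (rm >> 3))
    out.append(0x88)
    out.append(0xC0 | ((reg & 7) << 3) | (rm & 7))  # mod=11: register direct
    return bytes(out)


def decode_mov_r8_r8(code):
    """Decode the encoding above back to (dst, src)."""
    rex = code[0] if code[0] & 0xF0 == 0x40 else None
    body = code[1:] if rex is not None else code
    if body[0] != 0x88 or body[1] >> 6 != 3:
        raise ValueError("not a register-direct mov r/m8, r8")
    r = (rex >> 2) & 1 if rex is not None else 0
    b = rex & 1 if rex is not None else 0
    reg = (r << 3) | ((body[1] >> 3) & 7)
    rm = (b << 3) | (body[1] & 7)
    return reg8_name(rm, rex is not None), reg8_name(reg, rex is not None)
```

An assembler or disassembler whose 8-bit register table has only the legacy names will either reject `dil`/`sil` outright or misread `40 88 f7` as an operation on `bh`/`dh`.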

I forgot the link above; here is the assembly that I was testing with. https://www.exploit-db.com/exploits/38126/

wtfbbqhax avatar Oct 24 '15 20:10 wtfbbqhax