
  1. #include <stdio.h>
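typedef long long s64_t;
typedef unsigned long long u64_t;

/*
 * Return the low `width` bytes of `num` with their byte order reversed.
 *
 * Printing the result with a zero-padded %0Nllx (N = 2*width) shows the
 * bytes in the order a little-endian immediate/displacement occupies in
 * memory, which is what the callers below paste after an opcode.
 *
 * num   : value whose low bytes are to be reversed; bytes above `width`
 *         are discarded.
 * width : number of low bytes to keep (1..8). width <= 0 yields 0;
 *         width > 8 behaves like 8.
 *
 * The previous implementation wrote the bytes into an unsigned char[8]
 * and read them back through a u64_t* — a strict-aliasing and alignment
 * violation (undefined behaviour) whose result also depended on the
 * host's byte order. The arithmetic form below produces the same value
 * as that code did on a little-endian host, on every host, with no
 * type punning.
 */
u64_t reverse_order(u64_t num, int width)
{
    u64_t out = 0;
    for (int i = 0; i < width && i < 8; ++i) {
        /* Shift previously collected bytes up and append the next low byte:
         * the first (lowest) byte of `num` ends up most significant. */
        out = (out << 8) | (num & 0xffu);
        num >>= 8;
    }
    return out;
}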
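/*
 * Byte lengths of the instruction encodings printed below. A relative
 * displacement is measured from the end of its instruction, so each one
 * is (target - patch_site - instruction_length).
 */
enum {
    REL32_JMP_LEN   = 5, /* E9 rel32 (JMP) and E8 rel32 (CALL)            */
    RIP_REL_MOV_LEN = 7, /* 48 8b 05 disp32 (MOV RAX) / 48 8d 0d (LEA RCX) */
    REL8_JCC_LEN    = 2  /* 74 rel8 (JZ) and 75 rel8 (JNZ)                 */
};

/*
 * Print `prompt`, then read one hexadecimal value from stdin into *out.
 *
 * Returns 1 on success, 0 when the next token is not a hex number (the
 * rest of the input line is discarded so the caller can prompt again),
 * and -1 on EOF or read error.
 *
 * The original checked only `!scanf(...)`: on EOF scanf returns -1, which
 * passed the check and left the variables uninitialised, so a closed or
 * piped stdin made the program spin forever printing garbage. A bad token
 * (return 0) was also never consumed, so `continue` re-read it forever.
 */
static int read_hex(const char *prompt, u64_t *out)
{
    printf("%s", prompt);
    fflush(stdout); /* prompt has no newline; make it visible when piped */
    int rc = scanf("%llx", out);
    if (rc == 1)
        return 1;
    if (rc == EOF)
        return -1;
    /* Drain the offending line so the next scanf does not see the same
     * unparseable token again. */
    int c;
    while ((c = getchar()) != '\n' && c != EOF)
        ;
    return 0;
}

/*
 * Interactive helper for hand-patching x86-64 code: reads a patch site
 * ("Inject pos") and a target ("Dest addr") and prints the little-endian
 * displacement bytes for a rel32 JMP/CALL, a RIP-relative MOV/LEA, and,
 * when the target is within rel8 range, a short JZ/JNZ.
 *
 * Exits with 0 on EOF. Addresses are read as unsigned (the original used
 * signed variables with %llx, a type mismatch); the delta is formed with
 * defined unsigned wrap-around instead of a signed subtraction that could
 * overflow.
 */
int main(void)
{
    for (;;) {
        u64_t src_addr, dst_addr;
        int rc = read_hex("Inject pos: 0x ", &src_addr);
        if (rc < 0)
            return 0;
        if (rc == 0)
            continue;
        rc = read_hex("Dest addr: 0x ", &dst_addr);
        if (rc < 0)
            return 0;
        if (rc == 0)
            continue;
        puts("--------------");

        /* Signed distance from patch site to target. Negative means the
         * target lies before the patch site ("UP"). Casting the wrapped
         * unsigned difference gives the same value the original printed. */
        s64_t delta = (s64_t)(dst_addr - src_addr);
        const char *mode = (delta < 0) ? "UP" : "DOWN";
        printf(" Distance: %lld (%s)\n", delta, mode);

        /* rel32/disp32 must fit a signed 32-bit field; the printed bytes are
         * silently truncated otherwise, so warn on stderr (stdout format is
         * unchanged). */
        if (delta - RIP_REL_MOV_LEN < -((s64_t)1 << 31) ||
            delta - REL32_JMP_LEN > ((s64_t)1 << 31) - 1) {
            fprintf(stderr, " warning: distance does not fit in a signed "
                            "32-bit displacement; rel32/disp32 below are "
                            "truncated\n");
        }

        /* The unsigned cast yields the two's-complement pattern for negative
         * displacements; reverse_order keeps only the low 4 bytes. */
        u64_t rel32 = reverse_order((u64_t)(delta - REL32_JMP_LEN), 4);
        printf(" JMP : E9 %08llx\n", rel32);
        printf(" CALL: E8 %08llx\n", rel32);

        u64_t disp32 = reverse_order((u64_t)(delta - RIP_REL_MOV_LEN), 4);
        printf(" MOV RAX,PTR: 48 8b 05 %08llx\n", disp32);
        printf(" LEA RCX,[D]: 48 8d 0d %08llx\n", disp32);

        /* rel8 is a signed byte: offer the 2-byte Jcc whenever the
         * displacement is in -128..127. The original only offered forward
         * targets closer than 0x80; short backward jumps are now covered
         * too, and the encoding is the low byte of the two's complement. */
        s64_t rel8_delta = delta - REL8_JCC_LEN;
        if (rel8_delta >= -128 && rel8_delta <= 127) {
            u64_t rel8 = reverse_order((u64_t)rel8_delta, 1);
            printf(" JZ : 74 %02llx\n", rel8);
            printf(" JNZ: 75 %02llx\n", rel8);
        }

        puts("==============");
        puts("");
    }
    return 0;
}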