acheron icon indicating copy to clipboard operation
acheron copied to clipboard
verified publisher icon f1zm0

32-bit function for wow64

Open scriptchildie opened this issue 2 years ago • 1 comments

In case you would like to integrate this to your library. Not exactly a syscall since it's calling ntdll!Wow64SystemServiceCall . I will adapt to native x86 if there is any interest at all.

#include "textflag.h"
#define maxargs 16
//func Syscall(callid uint32,tramboline uintptr, argh ...uintptr) (uint32, error)
TEXT ·bpSyscall(SB),NOSPLIT,$0
	MOVL callid+0(FP), DX
	MOVL tramboline+4(FP), BX
	MOVL argh+8(FP), SI
	

	// SetLastError(0).
	MOVL	$0, 0x34(FS)
	
	// Copy args to the stack.
	MOVL	SP, BP
	PUSHL	AX
	MOVL	argh_len+0x0c(FP), CX	// words
	MOVL	CX, AX
	SALL	$2, AX
	SUBL	AX, SP			// room for args
	POPL 	AX
	MOVL	SP, DI
	CLD
	REP; MOVSL

	// Call stdcall or cdecl function.
	// DI SI BP BX are preserved, SP is not
	MOVL DX,AX
	CALL BX  

	// Return result.
	MOVL	AX, errcode+0x14(FP)

	RET

scriptchildie avatar Jul 17 '23 08:07 scriptchildie

im waiting since Jul 17, 2023...

EvilBytecode avatar Jul 11 '24 16:07 EvilBytecode