21,489
社区成员




代码如下:
; https://gist.github.com/esoterix/df38008568c50d4f83123e3a90b62ebb
include ksamd64.inc
extern InstrumentationCallback:proc
EXTERNDEF __imp_RtlCaptureContext:QWORD
.code
InstrHook proc
mov gs:[2e0h], rsp ; Win10 TEB InstrumentationCallbackPreviousSp
mov gs:[2d8h], r10 ; Win10 TEB InstrumentationCallbackPreviousPc
mov r10, rcx ; Save original RCX
sub rsp, 4d0h ; Alloc stack space for CONTEXT structure
and rsp, -10h ; RSP must be 16 byte aligned before calls
mov rcx, rsp
call __imp_RtlCaptureContext ; Save the current register state. RtlCaptureContext does not require shadow space
sub rsp, 20h ; Shadow space
call InstrumentationCallback ; Call main instrumentation routine
InstrHook endp
end
我在尝试编译时发现报错:
由于我不是很懂汇编代码,我上网搜的是在前面添加上.model flat,但是又会出现新的报错:
我尝试了很多次,都不知道该怎么解决,希望有懂汇编的兄弟能给解答一下,感谢
仅供参考:
C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\amd64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\bin\x86_amd64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\amd64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\bin\x86_amd64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\x86_amd64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Tools\MSVC\14.16.27023\bin\Hostx64\x64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Tools\MSVC\14.16.27023\bin\Hostx86\x64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Tools\MSVC\14.16.27023\bin\Hostx64\x64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Tools\MSVC\14.16.27023\bin\Hostx86\x64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\bin\Hostx64\x64\ml64.exe
C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\bin\Hostx86\x64\ml64.exe
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\bin\Hostx64\x64\ml64.exe
C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.40.33807\bin\Hostx86\x64\ml64.exe
.model flat只用于32位汇编,你这是64位代码,不需要。
在命令行下:
ml64 /c instrhook64.asm