package main
import (
"fmt"
"os"
"syscall"
)
// F returns a + b plus whatever cadd stores in a one-element result buffer
// for the fixed operands 9 and 8. The caller's a and b are not passed to the
// natively executed routine; only the constants are.
func F(a, b uint64) uint64 {
	out := []uint64{0}
	cadd(out, 9, 8)
	native := out[0]
	return native + a + b
}
// calls has no Go body; it is implemented in the accompanying assembly. The
// stub loads the word at offset 40 of its argument frame (the data pointer of
// m, given this signature) and jumps to it, so control transfers to whatever
// bytes m holds. res, a and b are not touched by the stub itself; they are
// left in place on the stack for the code in m to read.
func calls(res []uint64, a, b uint64, m []byte)

// padd has no Go body; it is implemented in the accompanying assembly, where
// it adds a and b and stores the sum through res's data pointer. It performs
// no length check on res.
func padd(res []uint64, a, b uint64)
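// cadd stores a+b in res[0] by running a short x86-64 routine out of an
// anonymous memory mapping.
//
// The mapping is created read/write, filled, and only then switched to
// read/execute, so the pages are never writable and executable at the same
// time (W^X). It is unmapped before cadd returns, so repeated calls do not
// accumulate mappings.
//
// The routine reads its operands from fixed stack offsets that match the
// stack-based argument layout of calls, so it is only meaningful on amd64 and
// only when entered through calls. cadd panics if res is empty or if any of
// the mmap/mprotect/munmap calls fails.
func cadd(res []uint64, a, b uint64) {
	// The native routine writes through res's data pointer with no bounds
	// check, so an empty slice would be an out-of-bounds write.
	if len(res) == 0 {
		panic("cadd: res must have at least one element")
	}

	m, err := syscall.Mmap(
		-1,
		0,
		1023,
		// Writable but not executable while the code is being copied in.
		syscall.PROT_READ|syscall.PROT_WRITE,
		// Anonymous: not backed by a file. Private: in-process memory only.
		syscall.MAP_ANON|syscall.MAP_PRIVATE,
	)
	if err != nil {
		panic(err)
	}
	// Release the mapping on every exit path, including the panics below.
	defer func() {
		if err := syscall.Munmap(m); err != nil {
			panic(err)
		}
	}()

	code := []byte{
		0x48, 0x8b, 0x7c, 0x24, 0x08, // mov rdi, [rsp+0x08]  ; res data pointer
		0x48, 0x8b, 0x44, 0x24, 0x20, // mov rax, [rsp+0x20]  ; a
		0x48, 0x8b, 0x6c, 0x24, 0x28, // mov rbp, [rsp+0x28]  ; b
		0x48, 0x01, 0xc5, // add rbp, rax
		0x48, 0x89, 0x2f, // mov [rdi], rbp
		0xc3, // ret
	}
	// NOTE(review): the routine uses rbp as scratch and does not restore it;
	// Go on amd64 uses rbp as the frame pointer, so confirm this is acceptable
	// for frame-pointer based unwinding.
	copy(m, code)

	// Drop write permission before the code is ever executed.
	if err := syscall.Mprotect(m, syscall.PROT_READ|syscall.PROT_EXEC); err != nil {
		panic(err)
	}

	calls(res, a, b, m)
}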
// main prints F applied to the number of command-line arguments (including
// the program name) and the constant 1.
func main() {
	argc := uint64(len(os.Args))
	total := F(argc, 1)
	fmt.Println(total)
}
#include "textflag.h"
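// func padd(res []uint64, a, b uint64)
//
// Stores a+b through the data pointer of res. No length check is made on res,
// so the caller must pass a slice with at least one element.
// CX is used as scratch instead of BP: BP is the frame pointer on amd64 and a
// zero-frame function does not save it, so writing to it is what go vet's
// framepointer check reports.
TEXT ·padd(SB),NOSPLIT,$0
	MOVQ res+0(FP), DI	// data pointer of res
	MOVQ a+24(FP), AX
	MOVQ b+32(FP), CX
	ADDQ AX, CX		// CX = a + b
	MOVQ CX, (DI)		// res[0] = a + b
	RET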
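// func calls(res []uint64, a, b uint64, m []byte)
//
// Transfers control to the bytes that m points at. Offset 40 of the argument
// frame is the data pointer of m (res occupies 0-23, a is at 24, b at 32), so
// the operand is named m_base, which is what go vet's asmdecl check expects
// for that slot. The transfer is a JMP rather than a CALL: no new return
// address is pushed, so a RET in the target returns straight to the caller of
// calls, and the target sees res, a and b at the same stack offsets this
// function received them.
// Nothing here validates m; the caller is responsible for what it contains
// and for the mapping being executable.
TEXT ·calls(SB),NOSPLIT,$0
	MOVQ m_base+40(FP), AX
	JMP AX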
https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html