Strange AV in asm mode (code only for amd64)

user1234 user1234 at 12.nl
Mon Nov 6 16:40:01 UTC 2017


On Sunday, 5 November 2017 at 14:25:24 UTC, user1234 wrote:
> On Sunday, 5 November 2017 at 13:43:15 UTC, user1234 wrote:
>> [...]
>
> Hmmm it was just the amount of nops.
>
> ---
> import std.stdio;
>
> alias Proc = size_t function();
>
> size_t allInnOne()
> {
>     asm pure nothrow
>     {
>         naked;
>         mov RAX, 1;     // entry point at +0: returns 1
>         ret;            // a disassembler following the symbol stops here
>         nop; nop;       // padding so that the second routine begins at +8
>         mov RAX, 2;     // entry point at +8: returns 2
>         ret;
>     }
> }
>
> void main()
> {
>     Proc proc1 = &allInnOne;                                // normal entry
>     Proc proc2 = cast(Proc) (cast(void*)&allInnOne + 8);    // second entry, 8 bytes in
>     writeln(proc1(), " ", proc2());
> }
> ---

That's a nice trick against static analysis. I can well imagine an 
attacker trying to fight against the first part, even if it is never 
executed, assuming he found that this function got executed and 
then assumes that the code gets executed from the start.
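An added example, not code from the thread: a small Python decoder and emulator for just the three instructions the quoted D function uses. It assumes DMD encodes `mov RAX, imm` as `48 C7 C0 imm32` (7 bytes); the byte string is constructed to match the quoted asm. It shows the two entry points returning different values and the check an analyst would apply to spot the trick: bytes that still decode as code after the first `ret`.

```python
# Constructed bytes matching the quoted naked function (encoding assumed).
ALL_INN_ONE = bytes.fromhex(
    "48c7c001000000"   # +0  mov RAX, 1
    "c3"               # +7  ret   <- a sweep following the symbol ends here
    "9090"             # +8  nop; nop   <- proc2 enters here
    "48c7c002000000"   # +10 mov RAX, 2
    "c3"               # +17 ret
)

def decode(code, off):
    """Decode one instruction at `off`; return (mnemonic, length, imm)."""
    if code[off:off + 3] == b"\x48\xc7\xc0":
        imm = int.from_bytes(code[off + 3:off + 7], "little", signed=True)
        return ("mov rax", 7, imm)
    if code[off] == 0xC3:
        return ("ret", 1, None)
    if code[off] == 0x90:
        return ("nop", 1, None)
    raise ValueError(f"unknown opcode {code[off]:#x} at offset {off}")

def run(code, entry):
    """Emulate from `entry` until ret; return RAX, i.e. the caller's result."""
    rax, pc = 0, entry
    while True:
        mn, ln, imm = decode(code, pc)
        if mn == "ret":
            return rax
        if mn == "mov rax":
            rax = imm
        pc += ln

def sweep(code):
    """Linear disassembly of the whole byte range.
    Returns (insns, offset just past the first ret): everything before that
    offset is what analysis starting at the symbol would attribute to it."""
    insns, pc = [], 0
    while pc < len(code):
        mn, ln, _ = decode(code, pc)
        insns.append((pc, mn))
        pc += ln
    first_ret_end = next(o for o, m in insns if m == "ret") + 1
    return insns, first_ret_end

def hidden_tail(code):
    """Analyst's check: instructions that decode after the first ret."""
    insns, end = sweep(code)
    return [(o, m) for o, m in insns if o >= end]
```

A non-empty `hidden_tail` on a symbol is the signal to disassemble from each offset after the `ret` as a separate entry point rather than trusting the symbol boundary.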


More information about the Digitalmars-d-learn mailing list