1

I'm in the process of learning to program in assembly. The reason for this is to become a better reverse engineer. My problem is:

I'm building a very basic 64-bit executable in Windows. I want to write a function in ASM (x64 instructions) and call it from my C++ program. I'm using Visual Studio 2019 Community. In fact, the ASM function I wrote is below. All it's supposed to do is grab the address of the Process Environment Block without leveraging the Native/Win32 APIs. How would I call this inside VS?

global getPEB

getPEB:
    push rbp
    mov rbp, rsp
    lea rax, gs:[0x60]
    leave
    ret
Michael Petch
  • 46,082
  • 8
  • 107
  • 198
kdusa32
  • 11
  • 1
  • https://learn.microsoft.com/en-us/cpp/assembler/masm/masm-for-x64-ml64-exe?view=msvc-160 – Kbdman Nov 10 '20 at 05:35
  • 2
    I think you mean `mov rax, gs:[0x60]` and not `lea rax, gs:[0x60]` . You can of course do this in C/C++ using the compiler intrinsic [__readgsqword](https://learn.microsoft.com/en-us/cpp/intrinsics/readgsbyte-readgsdword-readgsqword-readgsword?view=msvc-160) . This doesn't rely on the Win API. – Michael Petch Nov 10 '20 at 11:47
  • There is also no need to use the stack frame in this case so the function could just be `mov rax, gs:[0x60]` `ret` – Michael Petch Nov 10 '20 at 11:55
  • There is an SO answer about adding MASM assembly code files to your project and enabling a build customization for it: https://stackoverflow.com/a/33757749/3857942 – Michael Petch Nov 10 '20 at 12:08

0 Answers0