mirror of
https://github.com/tdeerenberg/InlineWhispers3.git
Add SysWhispers3 data
563
SysWhispers3/example-output/Syscalls-asm.x64.asm
Normal file
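--- a/SysWhispers3/example-output/Syscalls-asm.x64.asm
+++ b/SysWhispers3/example-output/Syscalls-asm.x64.asm
@@ -0,0 +1,563 @@
+.code
+
+EXTERN SW3_GetSyscallNumber: PROC
+
+NtCreateProcess PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 029943818h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtCreateProcess ENDP
+
+NtCreateThreadEx PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 052B6124Eh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtCreateThreadEx ENDP
+
+NtOpenProcess PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 00DD60C24h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtOpenProcess ENDP
+
+NtOpenProcessToken PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0C3914A8Dh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtOpenProcessToken ENDP
+
+NtTestAlert PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 02EB45D3Ah ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtTestAlert ENDP
+
+NtOpenThread PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 075426DE5h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtOpenThread ENDP
+
+NtSuspendProcess PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0F022DFBFh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtSuspendProcess ENDP
+
+NtSuspendThread PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 00F3F9E0Dh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtSuspendThread ENDP
+
+NtResumeProcess PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 041D54040h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtResumeProcess ENDP
+
+NtResumeThread PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0B28FAC35h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtResumeThread ENDP
+
+NtGetContextThread PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0BB97FF4Fh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtGetContextThread ENDP
+
+NtSetContextThread PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 093B3CF03h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtSetContextThread ENDP
+
+NtClose PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 04B1B40BBh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtClose ENDP
+
+NtReadVirtualMemory PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 009824143h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtReadVirtualMemory ENDP
+
+NtWriteVirtualMemory PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 08E108490h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtWriteVirtualMemory ENDP
+
+NtAllocateVirtualMemory PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0C253FAF2h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtAllocateVirtualMemory ENDP
+
+NtProtectVirtualMemory PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0C0603A1Dh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtProtectVirtualMemory ENDP
+
+NtFreeVirtualMemory PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 087118D83h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtFreeVirtualMemory ENDP
+
+NtQuerySystemInformation PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0A4069EABh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtQuerySystemInformation ENDP
+
+NtQueryDirectoryFile PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 09533C586h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtQueryDirectoryFile ENDP
+
+NtQueryInformationFile PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0AC3E2418h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtQueryInformationFile ENDP
+
+NtQueryInformationProcess PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 002AC0B33h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtQueryInformationProcess ENDP
+
+NtQueryInformationThread PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0745A2EE3h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtQueryInformationThread ENDP
+
+NtCreateSection PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0F42FD4F1h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtCreateSection ENDP
+
+NtOpenSection PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 064CE6A2Fh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtOpenSection ENDP
+
+NtMapViewOfSection PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0508A5019h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtMapViewOfSection ENDP
+
+NtUnmapViewOfSection PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0DF54DBCEh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtUnmapViewOfSection ENDP
+
+NtAdjustPrivilegesToken PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 05DC34340h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtAdjustPrivilegesToken ENDP
+
+NtDeviceIoControlFile PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0D1DAE373h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtDeviceIoControlFile ENDP
+
+NtQueueApcThread PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 0E851AAFFh ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtQueueApcThread ENDP
+
+NtWaitForMultipleObjects PROC
+mov [rsp +8], rcx ; Save registers.
+mov [rsp+16], rdx
+mov [rsp+24], r8
+mov [rsp+32], r9
+sub rsp, 28h
+mov ecx, 003837B11h ; Load function hash into ECX.
+call SW3_GetSyscallNumber ; Resolve function hash into syscall number.
+add rsp, 28h
+mov rcx, [rsp+8] ; Restore registers.
+mov rdx, [rsp+16]
+mov r8, [rsp+24]
+mov r9, [rsp+32]
+mov r10, rcx
+syscall ; Invoke system call.
+ret
+NtWaitForMultipleObjects ENDP
+
+end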