1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
ExitProcess proto
MessageBoxA proto
.data
lpStr BYTE "Hello World!",0
lpTitle BYTE "Title",0
.code
;x64传参为 rcx rdx r8 r9 rsp+28
main proc
mov rcx,0;hwnd
mov rdx,offset lpStr
mov r8,offset lpTitle
mov r9,0
call MessageBoxA
mov rcx,0
call ExitProcess
main endp
end

以上为src.asm

需要用到ml64 以及kernel32.lib user32.lib
编译命令,路径请自行核对:
“C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\ml64.exe” C:\Users\Unsped\Desktop\ASM\src.asm /link /DYNAMICBASE:NO /SUBSYSTEM:WINDOWS /ENTRY:main /DYNAMICBASE “C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x64\kernel32.Lib” “C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x64\User32.Lib”

/DYNAMICBASE:NO 动态基质
/SUBSYSTEM:WINDOWS windows非console程序
/ENTRY:main 入口为main 否者会报错:LINK : error LNK2001: 无法解析的外部符号 WinMainCRTStartup 肯定有其他方法解决,就不深究了。
/DYNAMICBASE 指定需要的库文件

至此,编译完成
Microsoft (R) Macro Assembler (x64) Version 14.00.24210.0
Copyright (C) Microsoft Corporation. All rights reserved.

Assembling: C:\Users\Unsped\Desktop\ASM\src.asm
Microsoft (R) Incremental Linker Version 14.00.24215.1
Copyright (C) Microsoft Corporation. All rights reserved.

/OUT:src.exe
src.obj
/DYNAMICBASE:NO
/SUBSYSTEM:WINDOWS
/ENTRY:main
/DYNAMICBASE
“C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x64\kernel32.Lib”
“C:\Program Files (x86)\Windows Kits\8.1\Lib\winv6.3\um\x64\User32.Lib”

1
2
3
4
5
6
7
8
9
10
11
12
13
000000013F451000 <src.EntryPoint> | 48 C7 C1 00 00 00 00 | mov rcx,0 |
000000013F451007 | 48 BA 00 30 45 3F 01 00 00 00 | movabs rdx,src.13F453000 | 13F453000:"Hello World!"
000000013F451011 | 49 B8 0D 30 45 3F 01 00 00 00 | movabs r8,src.13F45300D | 13F45300D:"Title"
000000013F45101B | 49 C7 C1 00 00 00 00 | mov r9,0 |
000000013F451022 | E8 13 00 00 00 | call <src.MessageBoxA> |
000000013F451027 | 48 C7 C1 00 00 00 00 | mov rcx,0 |
000000013F45102E | E8 01 00 00 00 | call <src.RtlExitUserProcess> |
000000013F451033 | CC | int3 |
000000013F451034 <src.RtlExitUserProcess | FF 25 C6 0F 00 00 | jmp qword ptr ds:[<&RtlExitUserProcess>] |
000000013F45103A <src.MessageBoxA> | FF 25 D0 0F 00 00 | jmp qword ptr ds:[<&MessageBoxA>] |
000000013F451040 | 00 00 | add byte ptr ds:[rax],al |
000000013F451042 | 00 00 | add byte ptr ds:[rax],al |
000000013F451044 | 00 00 | add byte ptr ds:[rax],al |

给有需要的人。

留言

2018-03-07

⬆︎TOP