Update README.md

2.0
_xeroxz 4 years ago
parent e900a30269
commit dfe22d54f8

@ -639,6 +639,60 @@ ffff998b`c5369e74 ff2500000000 jmp qword ptr [ffff998b`c5369e7a]
As you can see above, this is what Theo generates for JCC's. Also note that this clang compiler does not generate RIP relative LEA's or CALL's. The only RIP relative stuff Theo deals with are JCC's. As you can see above, this is what Theo generates for JCC's. Also note that this clang compiler does not generate RIP relative LEA's or CALL's. The only RIP relative stuff Theo deals with are JCC's.
The instructions for `LoopDemo` now look like this in memory:
```
ffff998b`c5369da0 4883ec28 sub rsp,28h
ffff998b`c5369da4 ff2500000000 jmp qword ptr [ffff998b`c5369daa]
...
ffff998b`c5369de0 c74424...... mov dword ptr [rsp+24h],0
ffff998b`c5369de8 ff2500000000 jmp qword ptr [ffff998b`c5369dee]
...
ffff998b`c5369e20 837c24240a cmp dword ptr [rsp+24h],0Ah
ffff998b`c5369e25 ff2500000000 jmp qword ptr [ffff998b`c5369e2b]
...
ffff998b`c5369e60 0f830e000000 jae ffff998b`c5369e74
ffff998b`c5369e66 ff2500000000 jmp qword ptr [ffff998b`c5369e6c]
ffff998b`c5369e74 ff2500000000 jmp qword ptr [ffff998b`c5369e7a]
...
ffff998b`c5369eb0 8b542424 mov edx,dword ptr [rsp+24h]
ffff998b`c5369eb4 ff2500000000 jmp qword ptr [ffff998b`c5369eba]
...
ffff998b`c5369ef0 48b9........ mov rcx,0FFFF998BC5364FA0h ; "> Loop Demo: %d\n"
ffff998b`c5369efa ff2500000000 jmp qword ptr [ffff998b`c5369f00]
...
ffff998b`c5369f30 48b8........ mov rax,offset nt!DbgPrint (fffff803`6a750f60)
ffff998b`c5369f3a ff2500000000 jmp qword ptr [ffff998b`c5369f40]
...
ffff998b`c5369f70 ffd0 call rax
ffff998b`c5369f72 ff2500000000 jmp qword ptr [ffff998b`c5369f78]
...
ffff998b`c5369fa0 8b442424 mov eax,dword ptr [rsp+24h]
ffff998b`c5369fa4 ff2500000000 jmp qword ptr [ffff998b`c5369faa]
...
ffff998b`c5368ba0 83c001 add eax,1
ffff998b`c5368ba3 ff2500000000 jmp qword ptr [ffff998b`c5368ba9]
```
### Usermode Example ### Usermode Example
# License - BSD 3-Clause # License - BSD 3-Clause
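Review bot: the new `LoopDemo` listing is never walked through, so the paragraph's "As you can see above, this is what Theo generates for JCC's" has nothing in the added text to point at; one sentence before or after the fence should say what the reader is meant to notice. The instructive pair is `ffff998b`c5369e60 0f830e000000 jae ffff998b`c5369e74` followed by `ffff998b`c5369e74 ff2500000000 jmp qword ptr [ffff998b`c5369e7a]`: the conditional branch lands on a stub that is itself a `jmp qword ptr [rip]`, while every other instruction is followed by the same `ff2500000000` trampoline to the next fragment, and the `...` elisions hide the 8-byte absolute pointer each trampoline reads. It is also worth saying that the `mov rax,offset nt!DbgPrint` / `call rax` lines are what back the claim that no RIP-relative CALLs are emitted, and that the last two instructions sit at `ffff998b`c5368ba0`, in a different page from the rest of the listing. Minor: the code fence opening the listing carries no language tag, unlike a tagged fence would, so the block will not be syntax-highlighted.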
