parse86.h


The file parse86.h has been added to support the parsing of an Intel x86 instruction. This capability is required by the trampoline function. Three functions are defined in this file:

  • transferInstruction–Gets bytes to parse into an x86 instruction

  • isJump–Checks for all types of jump instructions

  • getNextInstruction–Gets more bytes to parse into an x86 instruction

  // Copyright Ric Vieler, 2006 // Support header for parse86.c #ifndef _USER_HOOK_PARSE_H_ #define _USER_HOOK_PARSE_H_ #include "ghost.h" #pragma optimize( "", off ) #define IS_BETWEEN(x,mn,mx) ((x)>=(mn)&&(x)<=(mx)) #define IS_EQUAL(x,ix) ((x)==(ix)) #define TARGETLESS_X86INSTRUCTION ((PBYTE)0) #define DYNAMIC_X86INSTRUCTION ((PBYTE)~0ul) PBYTE transferInstruction( PBYTE destination, PBYTE source, PBYTE* jumpAddress, LONG* extra ); BOOL isJump( PCHAR instruction, ULONG instructionLength ); ULONG getNextInstruction( PCHAR pCodeSrc, ULONG ulMinBytes, PCHAR pDstBuffer, ULONG ulBufferLen ); #pragma optimize( "", on ) #endif 




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net