XMM Question
Posted: Wed Mar 15, 2017 9:55 am
How can I write what's in xmm1 back into xmm1, like a loop or so, i.e. something that acts as a nop?
[ENABLE]
// Cheat Engine auto-assembler script: detours the 8-byte store
// "movss [rcx+000003E0],xmm1" into an allocated code cave. As posted, the
// cave only replays that same store and jumps back, so enabling the script
// does not change what the routine writes.

// Find the hook site by byte signature inside the module. The pattern is the
// full encoding of the store at +285D67 in the dump at the end of the script.
// NOTE(review): the similar store at +285D77 differs in the displacement byte
// (DC instead of E0); whether the pattern is unique across the whole module
// is not shown here - confirm the scan returns a single hit.
aobscanmodule(aobAmber,Styx2-Win64-Shipping.exe,F3 0F 11 89 E0 03 00 00)
// Reserve $100 bytes for the cave. The third argument is the hard-coded
// injection address from the dump, presumably used as a "near this address"
// hint so the jump below fits a rel32 encoding.
// NOTE(review): the hook site comes from the AOB scan but this hint is a
// fixed offset; after a game update the two may no longer agree.
alloc(newmem,$100,"Styx2-Win64-Shipping.exe"+285D67)
label(code)
label(return)
// newmem and code name the same address: the start of the cave.
newmem:
code:
// Replay of the overwritten instruction: store the low float of xmm1
// at [rcx+3E0], exactly as the original code did.
movss [rcx+000003E0],xmm1
// Resume right after the patched bytes.
jmp return
// Hook site: overwrite the original 8-byte instruction in place.
aobAmber:
jmp newmem
// Three pad bytes: a 5-byte rel32 jmp plus 3 nops equals the 8 bytes replaced.
// NOTE(review): this assumes the jmp assembles to 5 bytes; if the cave ends
// up out of rel32 range a longer jump would spill past these 8 bytes into
// the ret at +285D6F and the function that follows - verify after enabling.
nop
nop
nop
// First byte after the patch; per the dump this is the ret at +285D6F.
return:
// Publish the scanned address so the disable section can refer to it by name.
registersymbol(aobAmber)
[DISABLE]
// Write the original instruction bytes back over the detour.
aobAmber:
db F3 0F 11 89 E0 03 00 00
// Drop the symbol and release the cave.
unregistersymbol(aobAmber)
dealloc(newmem)
{
// Reference dump of the code around the hook. It shows three short routines,
// each ending in ret; the hook sits in the first one, between maxss and ret.
// ORIGINAL CODE - INJECTION POINT: "Styx2-Win64-Shipping.exe"+285D67
"Styx2-Win64-Shipping.exe"+285D58: CC - int 3
"Styx2-Win64-Shipping.exe"+285D59: CC - int 3
"Styx2-Win64-Shipping.exe"+285D5A: CC - int 3
"Styx2-Win64-Shipping.exe"+285D5B: CC - int 3
"Styx2-Win64-Shipping.exe"+285D5C: CC - int 3
"Styx2-Win64-Shipping.exe"+285D5D: CC - int 3
"Styx2-Win64-Shipping.exe"+285D5E: CC - int 3
"Styx2-Win64-Shipping.exe"+285D5F: CC - int 3
"Styx2-Win64-Shipping.exe"+285D60: 0F 57 C0 - xorps xmm0,xmm0
"Styx2-Win64-Shipping.exe"+285D63: F3 0F 5F C8 - maxss xmm1,xmm0
// ---------- INJECTING HERE ----------
"Styx2-Win64-Shipping.exe"+285D67: F3 0F 11 89 E0 03 00 00 - movss [rcx+000003E0],xmm1
// ---------- DONE INJECTING ----------
"Styx2-Win64-Shipping.exe"+285D6F: C3 - ret
"Styx2-Win64-Shipping.exe"+285D70: 0F 57 C0 - xorps xmm0,xmm0
"Styx2-Win64-Shipping.exe"+285D73: F3 0F 5F C8 - maxss xmm1,xmm0
"Styx2-Win64-Shipping.exe"+285D77: F3 0F 11 89 DC 03 00 00 - movss [rcx+000003DC],xmm1
"Styx2-Win64-Shipping.exe"+285D7F: C3 - ret
"Styx2-Win64-Shipping.exe"+285D80: 8B 02 - mov eax,[rdx]
"Styx2-Win64-Shipping.exe"+285D82: 89 81 E4 03 00 00 - mov [rcx+000003E4],eax
"Styx2-Win64-Shipping.exe"+285D88: C3 - ret
"Styx2-Win64-Shipping.exe"+285D89: CC - int 3
"Styx2-Win64-Shipping.exe"+285D8A: CC - int 3
}