I'm learning DLL injection these days. Here is my code:
    // x86 code cave: naked, so the compiler emits no prologue/epilogue that would touch the stack
    __declspec(naked) void codecave() {
        __asm {
            pushad                                  // save all general-purpose registers
            mov dword ptr ds:[ebx + 4], 0xD         // write 0xD to the field at ebx+4
            popad                                   // restore the registers
            mov dword ptr ds:[0x102AE98], ebx       // stash ebx at a fixed address
            jmp ret_address                         // resume the original code (ret_address is defined elsewhere)
        }
    }
I used the keyword __declspec(naked) to avoid side effects on the stack (i.e. not to create a stack frame). But when I tried to port it to x64, it was totally different: __declspec(naked) is disabled on x64, and I find that inline assembly is also disabled on x64.
I find that I can use MASM to write assembly code. But what is the alternative to __declspec(naked) for avoiding the side effect on the stack when doing DLL injection?
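For the MASM route, the x64 replacement for a naked function is a plain MASM PROC: ml64 generates no prologue or epilogue for it, so the stub only touches the stack where it explicitly pushes. The following is an added example porting the x86 stub above, not the poster's code; the symbol names (codecave64, g_ret_address, g_saved_rbx) and the .asm file name are assumptions, and g_saved_rbx stands in for the fixed 32-bit address 0x102AE98, which cannot be encoded as an absolute operand on x64.

```asm
; codecave64.asm (assumed name) -- assembled by ml64 when the "masm" build
; customization is enabled for the Visual Studio project.
; The C++ side defines these with extern "C" linkage (x64 MASM names are undecorated):
;   extern "C" void*   g_ret_address;   // where to resume in the original code
;   extern "C" UINT64  g_saved_rbx;     // 64-bit stand-in for the page's 0x102AE98
EXTERN g_ret_address:QWORD
EXTERN g_saved_rbx:QWORD

.code

; No FRAME directive and no locals, so ml64 emits exactly these instructions:
; this is the x64 counterpart of __declspec(naked).
codecave64 PROC
    pushfq                          ; preserve RFLAGS around the stub
    push rax                        ; the only register the stub clobbers (pushad has no x64 form;
                                    ; save just what you use instead of all 16 GPRs)

    mov dword ptr [rbx + 4], 0Dh    ; same store as the x86 version: 0xD at rbx+4
    lea rax, g_saved_rbx            ; RIP-relative address of the global
    mov qword ptr [rax], rbx        ; stash rbx, as the x86 version did at 0x102AE98

    pop rax
    popfq                           ; stack and flags are back to their entry state here
    jmp qword ptr [g_ret_address]   ; indirect jump: the target is a runtime value, not a label
codecave64 ENDP

END
```

Because the stub is entered by a jmp rather than a call, no shadow space or 16-byte alignment is owed to it; those rules only matter if the stub itself calls a C function, in which case it must set them up before the call.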
I found the solution! In VS2022 on x64, we can install clang instead of MSVC. Then we can use __asm to write inline assembly code. As for the naked keyword, I find that we can use __fastcall to force the program to pass the first 2 params using registers instead of adding a stack frame (but only the first 2). By doing this we can avoid the side effects of DLL injection!