On 8/8/23 07:17, Yeqi Fu wrote:
+#if defined(i386) || defined(x86_64)
+/*
+ * An unused instruction is utilized to mark a native call.
+ */
+#define __CALL_EXPR ".byte 0x0f, 0xff;"
+#endif
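Review bot: the `#if defined(i386) || defined(x86_64)` guard is fragile: GCC and Clang predefine `__i386__` and `__x86_64__`, the bare `i386` spelling is only available outside strict-ISO mode, and bare `x86_64` is not a predefined macro at all, so the 64-bit case may never select this definition. The comment should also name the instruction (UD0, opcode 0F FF) and state that the macro emits only the two opcode bytes and leaves the modrm byte to the user; either document that or make the macro a complete encoding, e.g. `.byte 0x0f, 0xff, 0xc0`.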
This is 2 of the 3 (or more) bytes of the UD0 instruction.
At minimum you should include a third byte for the modrm.
For example,
0F FF C0 ud0 %eax, %eax
If you want to encode more data, or simply magic numbers, you can use
0F FF 80
78 56 34 12 ud0 0x12345678(%eax), %eax
or with modrm + sib bytes,
0F FF 84 00
78 56 34 12 ud0 0x12345678(%eax, %eax, 0), %eax
So you have up to 32 (displacement) + 3 * 3 (registers) + 2 (shift) = 43 bits that you can
vary while staying within the encoding of UD0.
You can even have the assembler help encode a displacement to associated data:
.text
0: ud0 label-0b(%eax), %eax
.rodata
label: .byte some stuff
r~
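The encodings discussed above, as an added example that is not part of the patch or the reply: a small decoder that recognises a UD0-based marker (0F FF modrm [sib] [disp]) in a byte stream and recovers the fields, including the 32-bit displacement used to carry a magic number. It assumes 32-bit operand and address size with no prefixes; the struct and function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decoded fields of a UD0-based marker: 0F FF modrm [sib] [disp]. */
struct ud0_marker {
    uint8_t mod, reg, rm;           /* modrm fields */
    int has_sib;
    uint8_t scale, index, base;     /* sib fields, valid when has_sib */
    int32_t disp;                   /* displacement, 0 if none */
};

/* Constructed samples taken from the encodings in the mail above. */
static const uint8_t SAMPLE_REG[]   = { 0x0f, 0xff, 0xc0 };             /* ud0 %eax,%eax */
static const uint8_t SAMPLE_DISP[]  = { 0x0f, 0xff, 0x80, 0x78, 0x56, 0x34, 0x12 };
static const uint8_t SAMPLE_SIB[]   = { 0x0f, 0xff, 0x84, 0x00, 0x78, 0x56, 0x34, 0x12 };
static const uint8_t SAMPLE_TRUNC[] = { 0x0f, 0xff, 0x80, 0x78 };       /* disp32 cut short */

/* Parses a UD0 encoding at p (32-bit mode, no prefixes). Returns the number
 * of bytes consumed, or 0 if the bytes are not a complete UD0 within len. */
size_t decode_ud0_marker(const uint8_t *p, size_t len, struct ud0_marker *m)
{
    if (len < 3 || p[0] != 0x0f || p[1] != 0xff) return 0;
    memset(m, 0, sizeof *m);
    uint8_t modrm = p[2];
    size_t i = 3, disp_len = 0;
    m->mod = modrm >> 6; m->reg = (modrm >> 3) & 7; m->rm = modrm & 7;
    if (m->mod == 3) return i;                 /* register form: 0F FF C0 */
    if (m->rm == 4) {                          /* rm=100 means a SIB byte follows */
        if (len < i + 1) return 0;
        uint8_t sib = p[i++];
        m->has_sib = 1;
        m->scale = sib >> 6; m->index = (sib >> 3) & 7; m->base = sib & 7;
        if (m->mod == 0 && m->base == 5) disp_len = 4;   /* no base, disp32 */
    } else if (m->mod == 0 && m->rm == 5) {
        disp_len = 4;                          /* absolute disp32, no base register */
    }
    if (m->mod == 1) disp_len = 1;             /* disp8 */
    else if (m->mod == 2) disp_len = 4;        /* disp32, the 32 bits of payload */
    if (len < i + disp_len) return 0;          /* truncated marker: reject, not misread */
    if (disp_len == 1) m->disp = (int8_t)p[i];
    else if (disp_len == 4) {
        uint32_t v = (uint32_t)p[i] | (uint32_t)p[i + 1] << 8 |
                     (uint32_t)p[i + 2] << 16 | (uint32_t)p[i + 3] << 24;
        m->disp = (int32_t)v;                  /* little-endian, as the assembler emits it */
    }
    return i + disp_len;
}
```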