[BUGFIX] Fixed: 64bit stub using wrong register (Issue #1)

hasherezade · Oct 10, 2018 · dd5782c · dd5782c
1 parent 564102a
commit dd5782c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/dll_to_exe/main.cpp b/dll_to_exe/main.cpp
@@ -4,7 +4,7 @@
 #include "peconv.h"
 #include "pe_handler.h"
 
-#define VERSION "1.0"
+#define VERSION "1.1"
 
 int main(int argc, char *argv[])
 {

diff --git a/dll_to_exe/pe_handler.cpp b/dll_to_exe/pe_handler.cpp
@@ -48,11 +48,11 @@ bool PeHandler::dllToExePatch()
 
     BYTE back_stub64[] = {
         0x65, 0x48, 0x8B, 0x0C, 0x25, 0x60, 0x00, 0x00, 0x00, // mov rcx,qword ptr gs:[0x60]
-        0x48, 0x8B, 0x4E, 0x10, // mov rcx,qword ptr ds:[rsi+10]
+        0x48, 0x8B, 0x49, 0x10, // mov rcx,qword ptr ds:[rcx+10]
         0x48, 0x8B, 0xF9, // mov rdi, rcx
         0xBA, 0x01, 0x00, 0x00, 0x00, // mov edx, 1
         0x48, 0x8B, 0xDA, // mov rbx, rdx
-        0x4C, 0x8B, 0xC0, // mov r8, rax
+        0x4D, 0x31, 0xC0, // xor r8, r8
         0xE9, 0xDE, 0xAD, 0xF0, 0x0D, //jmp [ep]
         0xC3 //ret
     };