sl4v/get_bait_code.c

## get_bait_code.c
int get_bait_code(uint8_t * trampoline_code_out, uint64_t addr) {
	uint8_t trampoline_code[] =
	{
		0x68, 0x44, 0x33, 0x22, 0x11, // push 0x11223344
		0xc7, 0x44, 0x24, 0x04, 0x88, 0x77, 0x66, 0x55, //mov dword ptr [rsp+4], 0x55667788
		0xc3 //ret
	};

	uint32_t addr_right = (uint32_t)(addr & 0xffffffff);
	uint32_t addr_left = (uint32_t)((addr & 0xffffffff00000000) >> 32);

	*(uint32_t *)&trampoline_code[1] = addr_right;
	*(uint32_t *)&trampoline_code[9] = addr_left;

	memcpy(trampoline_code_out, trampoline_code, sizeof(trampoline_code));

	return 0;
}
	int get_bait_code(uint8_t * trampoline_code_out, uint64_t addr) {
	uint8_t trampoline_code[] =
	{
	0x68, 0x44, 0x33, 0x22, 0x11, // push 0x11223344
	0xc7, 0x44, 0x24, 0x04, 0x88, 0x77, 0x66, 0x55, //mov dword ptr [rsp+4], 0x55667788
	0xc3 //ret
	};

	uint32_t addr_right = (uint32_t)(addr & 0xffffffff);
	uint32_t addr_left = (uint32_t)((addr & 0xffffffff00000000) >> 32);

	(uint32_t )&trampoline_code[1] = addr_right;
	(uint32_t )&trampoline_code[9] = addr_left;

	memcpy(trampoline_code_out, trampoline_code, sizeof(trampoline_code));

	return 0;
	}