ip75 · November 1, 2022 17:09
diff --git a/0ring.asm b/0ring.asm
 format PE64 GUI 5.0

 include 'WIN64WX.INC'

 section '.data' data readable writeable
  _start        TCHAR 'lets start the game...',0
  _ring0        TCHAR 'We are in ring 0',0
  _system_lstar dq    0

 section '.code' code readable executable

 MSR_LSTAR = 0xc0000082

 entry $
        lea     rsi,[_start]
        call    _echo

        mov     ecx, MSR_LSTAR

        ; This instruction must be executed at privilege level 0 or in real-address mode; otherwise, a general protection exception #GP(0) will be generated.
        ; Specifying a reserved or unimplemented MSR address in ECX will also cause a general protection exception.
        rdmsr   ; EDX:EAX <- MSR[ECX]
        mov     ebx, edx
        shl     rbx, 32
        mov     ebx, eax

        mov     [_system_lstar], rbx

        lea     rbx, [_ring0proc]
        mov     eax, ebx
        shr     rbx, 32
        mov     edx, ebx
        wrmsr   ; EDX:EAX -> MSR[ECX];
        syscall

        mov     rax, 0x3c    ; syscall 3c is exit
        syscall              ; make the system call

 _ring0proc:
        lea     rsi,[_ring0]
        call    _echo
        sysret

 _echo:
    push    rdi
    push    rcx
    push    rax

    ; calculate the length of string
    mov     rdi, rsi            ; string1 to destination index
    xor     rcx, rcx            ; zero rcx
    not     rcx                 ; set rcx = -1
    xor     al,al               ; zero the al register (initialize to NUL)
    cld                         ; clear the direction flag
    repnz   scasb               ; get the string length (dec rcx through NUL)
    not     rcx                 ; rev all bits of negative results in absolute value
    dec     rcx                 ; -1 to skip the null-terminator, rcx contains length
    mov     rdx, rcx

    mov     rax, 0x1     ; syscall 1 is write
    mov     rdi, 0x1     ; stdout has a file descriptor of 1
    syscall              ; make the system call

    pop     rax
    pop     rcx
    pop     rdi
    ret
	format PE64 GUI 5.0

	include 'WIN64WX.INC'

	section '.data' data readable writeable
	_start TCHAR 'lets start the game...',0
	_ring0 TCHAR 'We are in ring 0',0
	_system_lstar dq 0

	section '.code' code readable executable

	MSR_LSTAR = 0xc0000082

	entry $
	lea rsi,[_start]
	call _echo

	mov ecx, MSR_LSTAR

	; This instruction must be executed at privilege level 0 or in real-address mode; otherwise, a general protection exception #GP(0) will be generated.
	; Specifying a reserved or unimplemented MSR address in ECX will also cause a general protection exception.
	rdmsr ; EDX:EAX <- MSR[ECX]
	mov ebx, edx
	shl rbx, 32
	mov ebx, eax

	mov [_system_lstar], rbx

	lea rbx, [_ring0proc]
	mov eax, ebx
	shr rbx, 32
	mov edx, ebx
	wrmsr ; EDX:EAX -> MSR[ECX];
	syscall

	mov rax, 0x3c ; syscall 3c is exit
	syscall ; make the system call

	_ring0proc:
	lea rsi,[_ring0]
	call _echo
	sysret

	_echo:
	push rdi
	push rcx
	push rax

	; calculate the length of string
	mov rdi, rsi ; string1 to destination index
	xor rcx, rcx ; zero rcx
	not rcx ; set rcx = -1
	xor al,al ; zero the al register (initialize to NUL)
	cld ; clear the direction flag
	repnz scasb ; get the string length (dec rcx through NUL)
	not rcx ; rev all bits of negative results in absolute value
	dec rcx ; -1 to skip the null-terminator, rcx contains length
	mov rdx, rcx

	mov rax, 0x1 ; syscall 1 is write
	mov rdi, 0x1 ; stdout has a file descriptor of 1
	syscall ; make the system call

	pop rax
	pop rcx
	pop rdi
	ret