Saturday, April 12, 2014

Practical Reverse Engineering Chapter 1 Page 69 Exercise 4

1. Explain two methods to get the instruction pointer on x64. At least one of the methods must use RIP addressing.
lea rax, [rip]          ; RIP-relative addressing: RAX = address of the instruction after the LEA

call NextLine           ; pushes the return address, i.e. the address of NextLine
NextLine:
    pop rax             ; RAX = address of NextLine (64-bit mode needs a 64-bit register here; pop eax does not assemble)
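The two methods from the answer above, written as an added example rather than code from the book or this blog post. It assumes GCC/Clang inline assembly in AT&T syntax on an x86-64 System V target; the function names `rip_via_lea`, `rip_via_call_pop` and `ip_inside` are my own. Each function returns the instruction pointer it captured so the value can be checked against the address of the function that captured it, which is the check you would do in a debugger.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not the book's or the blog's own code): the two ways of
 * reading RIP from the answer above, as inline assembly for x86-64 System V. */

/* Method 1: RIP-relative addressing. LEA computes the effective address
 * without touching memory, and "0(%rip)" resolves to the address of the
 * instruction that follows the LEA. */
__attribute__((noinline)) uintptr_t rip_via_lea(void)
{
    uintptr_t ip;
    __asm__ volatile ("lea 0(%%rip), %0" : "=r"(ip));
    return ip;
}

/* Method 2: CALL to the very next instruction pushes that instruction's
 * address as the return address; POP then moves it into a register. The pop
 * must target a 64-bit register (pop eax does not assemble in 64-bit mode).
 * The SUB/ADD pair steps over the 128-byte System V red zone so the push
 * cannot clobber anything the compiler keeps there. */
__attribute__((noinline)) uintptr_t rip_via_call_pop(void)
{
    uintptr_t ip;
    __asm__ volatile (
        "sub $128, %%rsp\n\t"
        "call 1f\n"
        "1:\n\t"
        "pop %0\n\t"
        "add $128, %%rsp"
        : "=r"(ip) : : "memory");
    return ip;
}

/* Sanity check: the captured pointer must lie inside the function that
 * captured it; `span` is an upper bound on that function's code size. */
int ip_inside(uintptr_t ip, uintptr_t fn_start, uintptr_t span)
{
    return ip >= fn_start && ip < fn_start + span;
}

int main(void)
{
    uintptr_t a = rip_via_lea(), b = rip_via_call_pop();
    printf("lea 0(%%rip) -> %#lx (rip_via_lea starts at %#lx)\n",
           (unsigned long)a, (unsigned long)(uintptr_t)rip_via_lea);
    printf("call/pop    -> %#lx (rip_via_call_pop starts at %#lx)\n",
           (unsigned long)b, (unsigned long)(uintptr_t)rip_via_call_pop);
    return 0;
}
```

Both values land a few bytes past the start of their respective functions: the LEA result is the address of the instruction after the LEA, and the CALL/POP result is the address of the POP itself.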



2. Perform a virtual-to-physical address translation on x64. Were there any major differences compared to x86?

There are several differences when performing virtual-to-physical address translation on x64 compared to x86. For example, an x86 virtual address is split into 4 fields (table indexes plus the page offset), whereas an x64 virtual address is split into 5, so the x64 walk goes through one more level of tables.

This blog post shows the differences.

Do note that you need to have kernel debugging set up using WinDbg. Let me know via comments if you have trouble with this step. I have tried kernel debugging with a Windows host and VMware, and with an OS X host and VMware Fusion. There are slight differences in configuring the .vmx file.
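To make the "4 fields versus 5 fields" point concrete, here is an added example (not the book's or the blog's own code) that splits a virtual address into its index fields and then performs the x64 four-level table walk in software, the same walk WinDbg performs against a live kernel. The x86 side uses the PAE layout (2-bit PDPT index, two 9-bit indexes, 12-bit offset), which is the x86 mode with four fields. The table locations, the sample virtual address `0xFFFFF80012345678` and the frame `0x7F000` are all constructed for illustration; `phys`, `build_tables` and `walk_x64` are my own names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not the book's or the blog's own code): virtual-address
 * field split for x64 and x86 PAE, plus a software walk of a constructed
 * x64 page-table set. All addresses and frame numbers are constructed. */

#define ENTRIES   512                      /* 4 KiB table / 8-byte entries */
#define PRESENT   1ULL                     /* bit 0 of every entry */
#define PFN_MASK  0x000FFFFFFFFFF000ULL    /* bits 51:12 hold the next table/page frame */

/* x64: four 9-bit table indexes plus a 12-bit page offset = 5 fields. */
struct x64_fields { unsigned pml4, pdpt, pd, pt, offset; };

struct x64_fields split_x64(uint64_t va)
{
    struct x64_fields f;
    f.pml4   = (va >> 39) & 0x1FF;
    f.pdpt   = (va >> 30) & 0x1FF;
    f.pd     = (va >> 21) & 0x1FF;
    f.pt     = (va >> 12) & 0x1FF;
    f.offset =  va        & 0xFFF;
    return f;
}

/* x86 with PAE: 2-bit PDPT index, two 9-bit indexes, 12-bit offset = 4 fields. */
struct pae_fields { unsigned pdpt, pd, pt, offset; };

struct pae_fields split_x86_pae(uint32_t va)
{
    struct pae_fields f;
    f.pdpt   = (va >> 30) & 0x3;
    f.pd     = (va >> 21) & 0x1FF;
    f.pt     = (va >> 12) & 0x1FF;
    f.offset =  va        & 0xFFF;
    return f;
}

/* Toy physical memory: 5 pages of 8-byte entries. A "physical address" here
 * is just a byte offset into this array, so entry (table, idx) lives at
 * phys[table/8 + idx]. Page 0 is left unused; the tables occupy pages 1..4. */
static uint64_t phys[5 * ENTRIES];

static uint64_t entry_at(uint64_t table, unsigned idx) { return phys[(table >> 3) + idx]; }
static void set_entry(uint64_t table, unsigned idx, uint64_t v) { phys[(table >> 3) + idx] = v; }

/* Build PML4 -> PDPT -> PD -> PT so that exactly `va` maps to `frame`.
 * Returns the value that would be loaded into CR3 (the PML4 base). */
uint64_t build_tables(uint64_t va, uint64_t frame)
{
    struct x64_fields f = split_x64(va);
    const uint64_t pml4 = 0x1000, pdpt = 0x2000, pd = 0x3000, pt = 0x4000;
    memset(phys, 0, sizeof phys);              /* every other entry: not present */
    set_entry(pml4, f.pml4, pdpt  | PRESENT);
    set_entry(pdpt, f.pdpt, pd    | PRESENT);
    set_entry(pd,   f.pd,   pt    | PRESENT);
    set_entry(pt,   f.pt,   frame | PRESENT);
    return pml4;
}

/* Four-level walk. Returns 0 and stores the physical address on success, or
 * the 1-based level at which a non-present entry stopped the walk (where
 * real hardware would raise a page fault). */
int walk_x64(uint64_t cr3, uint64_t va, uint64_t *pa)
{
    struct x64_fields f = split_x64(va);
    unsigned idx[4] = { f.pml4, f.pdpt, f.pd, f.pt };
    uint64_t table = cr3 & PFN_MASK;
    for (int level = 0; level < 4; level++) {
        uint64_t e = entry_at(table, idx[level]);
        if (!(e & PRESENT))
            return level + 1;
        table = e & PFN_MASK;                  /* next table, or the final frame */
    }
    *pa = table | f.offset;
    return 0;
}

int main(void)
{
    uint64_t va = 0xFFFFF80012345678ULL, pa = 0;   /* constructed kernel-range VA */
    uint64_t cr3 = build_tables(va, 0x7F000ULL);
    struct x64_fields f = split_x64(va);
    printf("PML4=%#x PDPT=%#x PD=%#x PT=%#x offset=%#x\n", f.pml4, f.pdpt, f.pd, f.pt, f.offset);
    if (walk_x64(cr3, va, &pa) == 0)
        printf("%#llx -> %#llx\n", (unsigned long long)va, (unsigned long long)pa);
    return 0;
}
```

Compare the five indexes printed here with the four that `split_x86_pae` produces for a 32-bit address, and note that `walk_x64` reports the level at which a translation fails, which is what you look for when `!vtop` or `!pte` in WinDbg shows a non-present entry.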


Feel free to leave me comments for the answers above. :)
