Need some help with x86 assembly

MODRM_EAX_06 MACRO   ;/* [EAX], with reg/opcode: /6 */ 
    BYTE    030h 
ENDM 

What does byte 030h do ?

For additional info this macro is used in

void vmxPtrld(u64 addr) 
VmxPtrld PROC StdCall _ad开发者_如何转开发dr_low,_addr_high 
mov eax,8 
add eax,ebp 
vmx_ptrld 
MODRM_EAX_06 
ret 
VmxPtrld ENDP 

I just want to understand what the macro does in the following code?

Many opcodes are followed by a ModR/M byte, which is split into 3 portions: the top two bits are "Mod", the next three are "Reg", and the bottom three are "R/M".

The combination of the "Mod" and "R/M" portions specify a register and addressing mode; the "Reg" portion may specify another register, or, in some cases, may specify a further extension to the opcode.

In this case, the ModR/M byte looks like this:

    0 0 1 1 0 0 0 0
    \_/ \___/ \___/
    Mod  Reg   R/M

Mod bits of 00 and R/M bits of 000 mean an addressing mode of [EAX] (in 32-bit mode).

The remaining Reg bits are 6 in decimal. Hence MODRM_EAX_06.

To fully understand what is going on in your example, you need to know what the vmx_ptrld macro does. Assuming that this is indeed what @sixlettervariables found, vmx_ptrld produces bytes 0F C7.

0F is the first byte of a two-byte opcode. In many cases, the next byte will complete the opcode; but C7 indicates that further bits must be read from the Reg field of the ModR/M byte to determine what the opcode is. So the final opcode is 0F followed by C7 followed by the 6 from the Reg field of the ModR/M byte, written as 0F C7 /6 in Intel's manuals (which can be found here).

0F C7 /6 is VMPTRLD, so the real meaning of your routine is:

mov eax,8 
add eax,ebp 
vmptrld [eax]
ret 

Presumably it has been written like this for the benefit of old assemblers which do not understand the (relatively recent) VMX instructions.

It looks like they're using this to generate instructions, and this is a mod r/m byte of an instruction.

Looking at bluepill (which I guess is the code the OP is asking about), vmx_ptrld is also a macro, so

vmx_ptrld
MODRM_EAX_06

is a single instruction, MODRM_EAX_06 being the data for the instruction.

Rationale: bluepill is a PoC exploit for virtualization. When it was written, apparently the assembler that was used didn't yet support virtualization-related instructions, so they got coded inline via macros.