diff options
| author | Your Name <you@example.com> | 2022-07-08 18:22:05 +0100 |
|---|---|---|
| committer | Your Name <you@example.com> | 2022-07-08 18:22:05 +0100 |
| commit | 3d2a095f2eb26f08af7f225f195b8005b99978b1 (patch) | |
| tree | 468e7271dd40f40b2046e62df980f11ca7bb6ebb | |
| parent | e21738a24852e0ed9b346c28aeb4132a34d5b7cc (diff) | |
| download | afl++-3d2a095f2eb26f08af7f225f195b8005b99978b1.tar.gz | |
Updated FRIDA version
| -rw-r--r-- | frida_mode/GNUmakefile | 2 | ||||
| -rw-r--r-- | frida_mode/src/instrument/instrument_x64_cache.c | 60 | ||||
| -rw-r--r-- | frida_mode/src/persistent/persistent_arm64.c | 36 | ||||
| -rw-r--r-- | frida_mode/src/persistent/persistent_x64.c | 168 | ||||
| -rw-r--r-- | frida_mode/src/persistent/persistent_x86.c | 134 |
5 files changed, 182 insertions, 218 deletions
diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 014dcca5..9c37cfa3 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -116,7 +116,7 @@ ifndef OS $(error "Operating system unsupported") endif -GUM_DEVKIT_VERSION=15.1.22 +GUM_DEVKIT_VERSION=15.1.27 GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" diff --git a/frida_mode/src/instrument/instrument_x64_cache.c b/frida_mode/src/instrument/instrument_x64_cache.c index 3ea4421a..f9901e2f 100644 --- a/frida_mode/src/instrument/instrument_x64_cache.c +++ b/frida_mode/src/instrument/instrument_x64_cache.c @@ -225,8 +225,8 @@ static void instrument_cache_rewrite_branch_insn(const cs_insn * instr, } else { GumAddress target = instr->address + old_offset; - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, target); - gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_RAX, GUM_REG_RAX); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, target); + gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_X86_RAX, GUM_X86_RAX); return; } @@ -249,29 +249,29 @@ static void instrument_cache_rewrite_branch_insn(const cs_insn * instr, static void instrument_cache_write_push_frame(GumX86Writer *cw) { gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (1 * sizeof(gpointer))), - GUM_REG_XAX); + cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (1 * sizeof(gpointer))), + GUM_X86_XAX); gum_x86_writer_put_lahf(cw); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (2 * sizeof(gpointer))), - GUM_REG_XAX); + cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (2 * sizeof(gpointer))), + GUM_X86_XAX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (3 * sizeof(gpointer))), - GUM_REG_XBX); + cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (3 * sizeof(gpointer))), + GUM_X86_XBX); } static void instrument_cache_write_pop_frame(GumX86Writer *cw) { gum_x86_writer_put_mov_reg_reg_offset_ptr( - cw, GUM_REG_XBX, GUM_REG_XSP, + cw, GUM_X86_XBX, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (3 * sizeof(gpointer)))); gum_x86_writer_put_mov_reg_reg_offset_ptr( - cw, GUM_REG_XAX, GUM_REG_XSP, + cw, GUM_X86_XAX, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (2 * sizeof(gpointer)))); gum_x86_writer_put_sahf(cw); gum_x86_writer_put_mov_reg_reg_offset_ptr( - cw, GUM_REG_XAX, GUM_REG_XSP, + cw, GUM_X86_XAX, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (1 * sizeof(gpointer)))); } @@ -281,14 +281,14 @@ static void instrument_cache_write_lookup(GumX86Writer *cw) { /* &map_base[GPOINTER_TO_SIZE(addr) & MAP_MASK]; */ gsize mask = (instrument_cache_size / sizeof(gpointer)) - 1; - gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_XBX, mask); - gum_x86_writer_put_and_reg_reg(cw, GUM_REG_XAX, GUM_REG_XBX); - gum_x86_writer_put_shl_reg_u8(cw, GUM_REG_XAX, util_log2(sizeof(gpointer))); - gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_XBX, GPOINTER_TO_SIZE(map_base)); - gum_x86_writer_put_add_reg_reg(cw, GUM_REG_XAX, GUM_REG_XBX); + gum_x86_writer_put_mov_reg_u64(cw, GUM_X86_XBX, mask); + gum_x86_writer_put_and_reg_reg(cw, GUM_X86_XAX, GUM_X86_XBX); + gum_x86_writer_put_shl_reg_u8(cw, GUM_X86_XAX, util_log2(sizeof(gpointer))); + gum_x86_writer_put_mov_reg_u64(cw, GUM_X86_XBX, GPOINTER_TO_SIZE(map_base)); + gum_x86_writer_put_add_reg_reg(cw, GUM_X86_XAX, GUM_X86_XBX); /* Read the return address lookup */ - gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_XAX, GUM_REG_XAX); + gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_X86_XAX, GUM_X86_XAX); } @@ -315,7 +315,7 @@ void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) { * red-zone. */ gum_x86_writer_put_mov_reg_reg_offset_ptr( - cw, GUM_REG_XAX, GUM_REG_XSP, + cw, GUM_X86_XAX, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (1 * sizeof(gpointer)))); instrument_cache_rewrite_branch_insn(instr, output); @@ -323,33 +323,33 @@ void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) { instrument_cache_write_lookup(cw); /* Test if its set*/ - gum_x86_writer_put_cmp_reg_i32(cw, GUM_REG_XAX, INVALID); + gum_x86_writer_put_cmp_reg_i32(cw, GUM_X86_XAX, INVALID); gum_x86_writer_put_jcc_short_label(cw, X86_INS_JLE, null, GUM_UNLIKELY); /* If it's set, then stash the address beyond the red-zone */ gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (4 * sizeof(gpointer))), - GUM_REG_XAX); + cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (4 * sizeof(gpointer))), + GUM_X86_XAX); if (instr->id == X86_INS_JMP) { instrument_cache_write_pop_frame(cw); gum_x86_writer_put_jmp_reg_offset_ptr( - cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + (4 * sizeof(gpointer)))); + cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + (4 * sizeof(gpointer)))); } else { gum_x86_writer_put_mov_reg_address( - cw, GUM_REG_XAX, GUM_ADDRESS(instr->address + instr->size)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_XSP, - -sizeof(gpointer), GUM_REG_XAX); + cw, GUM_X86_XAX, GUM_ADDRESS(instr->address + instr->size)); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_X86_XSP, + -sizeof(gpointer), GUM_X86_XAX); instrument_cache_write_pop_frame(cw); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_XSP, GUM_REG_XSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_XSP, GUM_X86_XSP, -sizeof(gpointer)); gum_x86_writer_put_jmp_reg_offset_ptr( - cw, GUM_REG_XSP, -(GUM_RED_ZONE_SIZE + ((4 - 1) * sizeof(gpointer)))); + cw, GUM_X86_XSP, -(GUM_RED_ZONE_SIZE + ((4 - 1) * sizeof(gpointer)))); } @@ -381,16 +381,16 @@ void instrument_cache_ret(const cs_insn *instr, GumStalkerOutput *output) { instrument_cache_write_push_frame(cw); - gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_XAX, GUM_REG_XSP); + gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_X86_XAX, GUM_X86_XSP); instrument_cache_write_lookup(cw); /* Test if its set*/ - gum_x86_writer_put_cmp_reg_i32(cw, GUM_REG_XAX, INVALID); + gum_x86_writer_put_cmp_reg_i32(cw, GUM_X86_XAX, INVALID); gum_x86_writer_put_jcc_short_label(cw, X86_INS_JLE, null, GUM_UNLIKELY); /* If it's set, then overwrite our return address and return */ - gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_XSP, GUM_REG_XAX); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_X86_XSP, GUM_X86_XAX); instrument_cache_write_pop_frame(cw); if (n == 0) { diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index 16ecf39c..fbfc3833 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -105,18 +105,12 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw, offsetof(persistent_ctx_t, rflags)); /* Q */ - gum_arm64_writer_put_stp_reg_reg_reg_offset( - cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0, - offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset( - cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0, - offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset( - cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0, - offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset( - cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0, - offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET); + for (int i = 0; i < 16; i++) { + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q0 + (i*2), ARM64_REG_Q0 + (i*2) + 1, ARM64_REG_X0, + offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET); + } + /* x0 & x1 */ gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, @@ -201,18 +195,12 @@ static void instrument_persitent_restore_regs(GumArm64Writer * cw, offsetof(persistent_ctx_t, rflags)); gum_arm64_writer_put_instruction(cw, msr_nzcv_x1); - gum_arm64_writer_put_ldp_reg_reg_reg_offset( - cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0, - offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset( - cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0, - offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset( - cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0, - offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset( - cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0, - offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET); + /* Q */ + for (int i = 0; i < 16; i++) { + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q0 + (i*2), ARM64_REG_Q0 + (i*2) + 1, ARM64_REG_X0, + offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET); + } /* x2 & x3 */ gum_arm64_writer_put_ldp_reg_reg_reg_offset( diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 56141787..8ec9204f 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -29,74 +29,74 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); /* Should be pushing FPU here, but meh */ gum_x86_writer_put_pushfx(cw); - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RAX); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, regs_address); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rbx), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rbx), GUM_X86_RBX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rcx), GUM_REG_RCX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rcx), GUM_X86_RCX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rdx), GUM_REG_RDX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rdx), GUM_X86_RDX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rdi), GUM_REG_RDI); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rdi), GUM_X86_RDI); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rsi), GUM_REG_RSI); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rsi), GUM_X86_RSI); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rbp), GUM_REG_RBP); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rbp), GUM_X86_RBP); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r8), GUM_REG_R8); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r8), GUM_X86_R8); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r9), GUM_REG_R9); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r9), GUM_X86_R9); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r10), GUM_REG_R10); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r10), GUM_X86_R10); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r11), GUM_REG_R11); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r11), GUM_X86_R11); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r12), GUM_REG_R12); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r12), GUM_X86_R12); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r13), GUM_REG_R13); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r13), GUM_X86_R13); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r14), GUM_REG_R14); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r14), GUM_X86_R14); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, r15), GUM_REG_R15); + cw, GUM_X86_RAX, offsetof(GumCpuContext, r15), GUM_X86_R15); /* Store RIP */ - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RBX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RBX, GUM_ADDRESS(persistent_start)); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rip), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rip), GUM_X86_RBX); /* Store adjusted RSP */ - gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_RBX, GUM_REG_RSP); + gum_x86_writer_put_mov_reg_reg(cw, GUM_X86_RBX, GUM_X86_RSP); /* RED_ZONE + Saved flags, RAX, alignment */ - gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX, + gum_x86_writer_put_add_reg_imm(cw, GUM_X86_RBX, GUM_RED_ZONE_SIZE + (0x8 * 2)); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rsp), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rsp), GUM_X86_RBX); /* Save the flags */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x8); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP, 0x8); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(persistent_ctx_t, rflags), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(persistent_ctx_t, rflags), GUM_X86_RBX); /* Save the RAX */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP, 0x0); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_RAX, offsetof(GumCpuContext, rax), GUM_REG_RBX); + cw, GUM_X86_RAX, offsetof(GumCpuContext, rax), GUM_X86_RBX); /* Pop the saved values */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 0x10); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, 0x10); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } @@ -105,68 +105,68 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, regs_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RCX, GUM_X86_RAX, offsetof(GumCpuContext, rcx)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RAX, offsetof(GumCpuContext, rdx)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDI, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDI, GUM_X86_RAX, offsetof(GumCpuContext, rdi)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSI, GUM_X86_RAX, offsetof(GumCpuContext, rsi)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBP, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBP, GUM_X86_RAX, offsetof(GumCpuContext, rbp)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R8, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R8, GUM_X86_RAX, offsetof(GumCpuContext, r8)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R9, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R9, GUM_X86_RAX, offsetof(GumCpuContext, r9)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R10, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R10, GUM_X86_RAX, offsetof(GumCpuContext, r10)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R11, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R11, GUM_X86_RAX, offsetof(GumCpuContext, r11)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R12, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R12, GUM_X86_RAX, offsetof(GumCpuContext, r12)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R13, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R13, GUM_X86_RAX, offsetof(GumCpuContext, r13)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R14, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R14, GUM_X86_RAX, offsetof(GumCpuContext, r14)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_R15, GUM_X86_RAX, offsetof(GumCpuContext, r15)); /* Don't restore RIP */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSP, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSP, GUM_X86_RAX, offsetof(GumCpuContext, rsp)); /* Restore RBX, RAX & Flags */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX, offsetof(GumCpuContext, rbx)); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RBX); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX, offsetof(GumCpuContext, rax)); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + gum_x86_writer_put_push_reg(cw, GUM_X86_RBX); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RAX, offsetof(persistent_ctx_t, rflags)); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RBX); gum_x86_writer_put_popfx(cw); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_RAX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_RBX); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } static void instrument_exit(GumX86Writer *cw) { - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(_exit)); - gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_RDI, 0); - gum_x86_writer_put_call_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(_exit)); + gum_x86_writer_put_mov_reg_u32(cw, GUM_X86_RDI, 0); + gum_x86_writer_put_call_reg(cw, GUM_X86_RAX); } @@ -186,13 +186,13 @@ static int instrument_afl_persistent_loop_func(void) { static void instrument_afl_persistent_loop(GumX86Writer *cw) { - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); - gum_x86_writer_put_test_reg_reg(cw, GUM_REG_RAX, GUM_REG_RAX); + gum_x86_writer_put_test_reg_reg(cw, GUM_X86_RAX, GUM_X86_RAX); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } @@ -200,26 +200,26 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { if (persistent_hook == NULL) return; - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RDX, GUM_ADDRESS(&__afl_fuzz_len)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); - gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); - gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RDX, GUM_REG_RDI); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RDX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RDX, GUM_X86_RDX, 0); + gum_x86_writer_put_mov_reg_u64(cw, GUM_X86_RDI, 0xffffffff); + gum_x86_writer_put_and_reg_reg(cw, GUM_X86_RDX, GUM_X86_RDI); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RSI, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RSI, GUM_ADDRESS(&__afl_fuzz_ptr)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RSI, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RSI, GUM_X86_RSI, 0); gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, - GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_REG_RSI, GUM_ARG_REGISTER, - GUM_REG_RDX); + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_X86_RSI, GUM_ARG_REGISTER, + GUM_X86_RDX); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } @@ -228,23 +228,23 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) { /* Stack usage by this function */ gssize offset = GUM_RED_ZONE_SIZE + (3 * 8); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -(GUM_RED_ZONE_SIZE)); gum_x86_writer_put_pushfx(cw); - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RAX); + gum_x86_writer_put_push_reg(cw, GUM_X86_RBX); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_RBX, GUM_X86_RSP, offset); - gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_RAX, GUM_REG_RBX); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_X86_RAX, GUM_X86_RBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_RBX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_RAX); gum_x86_writer_put_popfx(cw); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, (GUM_RED_ZONE_SIZE)); } @@ -278,7 +278,7 @@ void persistent_prologue_arch(GumStalkerOutput *output) { FVERBOSE("Persistent loop reached"); /* Pop the return value */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 8); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, 8); instrument_persitent_save_regs(cw, &saved_regs); @@ -326,13 +326,13 @@ void persistent_epilogue_arch(GumStalkerOutput *output) { /* The stack should be aligned when we re-enter our loop */ gconstpointer zero = cw->code + 1; - gum_x86_writer_put_test_reg_u32(cw, GUM_REG_RSP, 0xF); + gum_x86_writer_put_test_reg_u32(cw, GUM_X86_RSP, 0xF); gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, zero, GUM_NO_HINT); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -8); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_RSP, GUM_X86_RSP, -8); gum_x86_writer_put_label(cw, zero); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret)); - gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_RAX); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_RAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_jmp_reg_ptr(cw, GUM_X86_RAX); } diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 76c25334..535679be 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -9,7 +9,6 @@ #if defined(__i386__) typedef struct { - GumCpuContext ctx; uint32_t eflags; @@ -20,178 +19,159 @@ static persistent_ctx_t saved_regs = {0}; static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { - return true; - } static void instrument_persitent_save_regs(GumX86Writer * cw, persistent_ctx_t *regs) { - GumAddress regs_address = GUM_ADDRESS(regs); /* Should be pushing FPU here, but meh */ gum_x86_writer_put_pushfx(cw); - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EAX); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, regs_address); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, ebx), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, ebx), GUM_X86_EBX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, ecx), GUM_REG_ECX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, ecx), GUM_X86_ECX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, edx), GUM_REG_EDX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, edx), GUM_X86_EDX); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, edi), GUM_REG_EDI); + cw, GUM_X86_EAX, offsetof(GumCpuContext, edi), GUM_X86_EDI); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, esi), GUM_REG_ESI); + cw, GUM_X86_EAX, offsetof(GumCpuContext, esi), GUM_X86_ESI); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, ebp), GUM_REG_EBP); + cw, GUM_X86_EAX, offsetof(GumCpuContext, ebp), GUM_X86_EBP); /* Store RIP */ - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EBX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EBX, GUM_ADDRESS(persistent_start)); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, eip), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, eip), GUM_X86_EBX); /* Store adjusted RSP */ - gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_EBX, GUM_REG_ESP); + gum_x86_writer_put_mov_reg_reg(cw, GUM_X86_EBX, GUM_X86_ESP); /* RED_ZONE + Saved flags, RAX */ - gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EBX, (0x4 * 2)); + gum_x86_writer_put_add_reg_imm(cw, GUM_X86_EBX, (0x4 * 2)); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, esp), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, esp), GUM_X86_EBX); /* Save the flags */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x4); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP, 0x4); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(persistent_ctx_t, eflags), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(persistent_ctx_t, eflags), GUM_X86_EBX); /* Save the RAX */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP, 0x0); gum_x86_writer_put_mov_reg_offset_ptr_reg( - cw, GUM_REG_EAX, offsetof(GumCpuContext, eax), GUM_REG_EBX); + cw, GUM_X86_EAX, offsetof(GumCpuContext, eax), GUM_X86_EBX); /* Pop the saved values */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 0x8); - + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_ESP, GUM_X86_ESP, 0x8); } static void instrument_persitent_restore_regs(GumX86Writer * cw, persistent_ctx_t *regs) { - GumAddress regs_address = GUM_ADDRESS(regs); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, regs_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_EAX, offsetof(GumCpuContext, ecx)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDX, GUM_X86_EAX, offsetof(GumCpuContext, edx)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDI, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDI, GUM_X86_EAX, offsetof(GumCpuContext, edi)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESI, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ESI, GUM_X86_EAX, offsetof(GumCpuContext, esi)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBP, GUM_X86_EAX, offsetof(GumCpuContext, ebp)); /* Don't restore RIP */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESP, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ESP, GUM_X86_EAX, offsetof(GumCpuContext, esp)); /* Restore RBX, RAX & Flags */ - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX, offsetof(GumCpuContext, ebx)); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EBX); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX, offsetof(GumCpuContext, eax)); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + gum_x86_writer_put_push_reg(cw, GUM_X86_EBX); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_EAX, offsetof(persistent_ctx_t, eflags)); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EBX); gum_x86_writer_put_popfx(cw); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); - + gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX); } static void instrument_exit(GumX86Writer *cw) { - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(_exit)); - gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_EDI, 0); - gum_x86_writer_put_push_reg(cw, GUM_REG_EDI); - gum_x86_writer_put_call_reg(cw, GUM_REG_EAX); - + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(_exit)); + gum_x86_writer_put_mov_reg_u32(cw, GUM_X86_EDI, 0); + gum_x86_writer_put_push_reg(cw, GUM_X86_EDI); + gum_x86_writer_put_call_reg(cw, GUM_X86_EAX); } static int instrument_afl_persistent_loop_func(void) { - int ret = __afl_persistent_loop(persistent_count); if (instrument_previous_pc_addr == NULL) { - FATAL("instrument_previous_pc_addr uninitialized"); - } *instrument_previous_pc_addr = instrument_hash_zero; return ret; - } static void instrument_afl_persistent_loop(GumX86Writer *cw) { - gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); - gum_x86_writer_put_test_reg_reg(cw, GUM_REG_EAX, GUM_REG_EAX); - + gum_x86_writer_put_test_reg_reg(cw, GUM_X86_EAX, GUM_X86_EAX); } static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { - if (persistent_hook == NULL) return; - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_ECX, GUM_ADDRESS(&__afl_fuzz_len)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_ECX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_ECX, GUM_X86_ECX, 0); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EDX, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EDX, GUM_ADDRESS(&__afl_fuzz_ptr)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EDX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EDX, GUM_X86_EDX, 0); /* Base address is 64-bits (hence two zero arguments) */ gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, - GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, - GUM_REG_ECX); - + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_X86_EDX, GUM_ARG_REGISTER, + GUM_X86_ECX); } static void instrument_persitent_save_ret(GumX86Writer *cw) { - /* Stack usage by this function */ gssize offset = (3 * 4); gum_x86_writer_put_pushfx(cw); - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EAX); + gum_x86_writer_put_push_reg(cw, GUM_X86_EBX); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_X86_EBX, GUM_X86_ESP, offset); - gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_EAX, GUM_REG_EBX); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_X86_EAX, GUM_X86_EBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX); + gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX); gum_x86_writer_put_popfx(cw); - } void persistent_prologue_arch(GumStalkerOutput *output) { - /* * SAVE REGS * SAVE RET @@ -219,7 +199,7 @@ void persistent_prologue_arch(GumStalkerOutput *output) { FVERBOSE("Persistent loop reached"); /* Pop the return value */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 4); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_ESP, GUM_X86_ESP, 4); instrument_persitent_save_regs(cw, &saved_regs); @@ -254,19 +234,15 @@ void persistent_prologue_arch(GumStalkerOutput *output) { instrument_persitent_save_ret(cw); if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - } void persistent_epilogue_arch(GumStalkerOutput *output) { - GumX86Writer *cw = output->writer.x86; if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret)); - gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_EAX); - + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_jmp_reg_ptr(cw, GUM_X86_EAX); } #endif - |