Diffstat (limited to 'frida_mode/src/persistent/persistent_arm32.c')
-rw-r--r-- | frida_mode/src/persistent/persistent_arm32.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c
index a2b63652..dbe51eb5 100644
--- a/frida_mode/src/persistent/persistent_arm32.c
+++ b/frida_mode/src/persistent/persistent_arm32.c
@@ -7,6 +7,7 @@ #if defined(__arm__) // struct _GumArmCpuContext {
+
 // guint32 pc; // guint32 sp; // guint32 cpsr;
@@ -35,11 +36,14 @@ static GumCpuContext saved_regs = {0}; static gpointer saved_lr = NULL; gboolean persistent_is_supported(void) {
+
 return true;
+
 }
-static void instrument_persitent_save_regs(GumArmWriter * cw,
+static void instrument_persitent_save_regs(GumArmWriter *cw,
 GumCpuContext *regs) {
+
 /* Save Regs */ gum_arm_writer_put_str_reg_reg_offset(cw, ARM_REG_R0, ARM_REG_SP, GUM_RED_ZONE_SIZE);
@@ -50,8 +54,10 @@ static void instrument_persitent_save_regs(GumArmWriter * cw,
 /* Save r1-r7 */ for (size_t i = ARM_REG_R1; i < ARM_REG_R8; i++) {
+
 gum_arm_writer_put_str_reg_reg_offset( cw, i, ARM_REG_R0, offsetof(GumCpuContext, r[i - ARM_REG_R0]));
+
 } /* Save r8-r12 */
@@ -94,10 +100,12 @@ static void instrument_persitent_save_regs(GumArmWriter * cw,
 GUM_RED_ZONE_SIZE + sizeof(guint32)); gum_arm_writer_put_ldr_reg_reg_offset(cw, ARM_REG_R0, ARM_REG_SP, GUM_RED_ZONE_SIZE);
+
 }
-static void instrument_persitent_restore_regs(GumArmWriter * cw,
+static void instrument_persitent_restore_regs(GumArmWriter *cw,
 GumCpuContext *regs) {
+
 gum_arm_writer_put_ldr_reg_address(cw, ARM_REG_R0, GUM_ADDRESS(regs)); /* Restore CPSR */ 
@@ -125,37 +133,49 @@ static void instrument_persitent_restore_regs(GumArmWriter * cw,
 /* Restore r7-r0 */ for (size_t i = ARM_REG_R7; i >= ARM_REG_R0; i--) {
+
 gum_arm_writer_put_ldr_reg_reg_offset( cw, i, ARM_REG_R0, offsetof(GumCpuContext, r[i - ARM_REG_R0]));
+
 }
+
 } static void instrument_exit(GumArmWriter *cw) {
+
 gum_arm_writer_put_sub_reg_reg_reg(cw, ARM_REG_R0, ARM_REG_R0, ARM_REG_R0); gum_arm_writer_put_call_address_with_arguments(cw, GUM_ADDRESS(_exit), 1, GUM_ARG_REGISTER, ARM_REG_R0);
+
 } static int instrument_afl_persistent_loop_func(void) {
+
 int ret = __afl_persistent_loop(persistent_count); if (instrument_previous_pc_addr == NULL) {
+
 FATAL("instrument_previous_pc_addr uninitialized");
+
 } *instrument_previous_pc_addr = instrument_hash_zero; return ret;
+
 } static void instrument_afl_persistent_loop(GumArmWriter *cw) {
+
 gum_arm_writer_put_sub_reg_reg_imm(cw, ARM_REG_SP, ARM_REG_SP, GUM_RED_ZONE_SIZE); gum_arm_writer_put_call_address_with_arguments( cw, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); gum_arm_writer_put_add_reg_reg_imm(cw, ARM_REG_SP, ARM_REG_SP, GUM_RED_ZONE_SIZE);
+
 } static void persistent_prologue_hook(GumArmWriter *cw, GumCpuContext *regs) {
+
 if (persistent_hook == NULL) return; gum_arm_writer_put_sub_reg_reg_imm(cw, ARM_REG_SP, ARM_REG_SP,
@@ -175,9 +195,11 @@ static void persistent_prologue_hook(GumArmWriter *cw, GumCpuContext *regs) {
 gum_arm_writer_put_add_reg_reg_imm(cw, ARM_REG_SP, ARM_REG_SP, GUM_RED_ZONE_SIZE);
+
 } static void instrument_persitent_save_lr(GumArmWriter *cw) {
+
 gum_arm_writer_put_str_reg_reg_offset(cw, ARM_REG_R0, ARM_REG_SP, GUM_RED_ZONE_SIZE);
@@ -186,9 +208,11 @@ static void instrument_persitent_save_lr(GumArmWriter *cw) {
 gum_arm_writer_put_ldr_reg_reg_offset(cw, ARM_REG_R0, ARM_REG_SP, GUM_RED_ZONE_SIZE);
+
 } void persistent_prologue_arch(GumStalkerOutput *output) {
+
 /* * SAVE REGS * SAVE RET 
@@ -251,9 +275,11 @@ void persistent_prologue_arch(GumStalkerOutput *output) {
 instrument_persitent_save_lr(cw); if (persistent_debug) { gum_arm_writer_put_breakpoint(cw); }
+
 } void persistent_epilogue_arch(GumStalkerOutput *output) {
+
 GumArmWriter *cw = output->writer.arm; if (persistent_debug) { gum_arm_writer_put_breakpoint(cw); }
@@ -263,6 +289,7 @@ void persistent_epilogue_arch(GumStalkerOutput *output) {
 gum_arm_writer_put_ldr_reg_reg_offset(cw, ARM_REG_R0, ARM_REG_R0, 0); gum_arm_writer_put_bx_reg(cw, ARM_REG_R0);
+
 } #endif |