about summary refs log tree commit diff
path: root/frida_mode/src/persistent/persistent_x64.c
diff options
context:
space:
mode:
Diffstat (limited to 'frida_mode/src/persistent/persistent_x64.c')
-rw-r--r--frida_mode/src/persistent/persistent_x64.c46
1 files changed, 6 insertions, 40 deletions
diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c
index 49f1988c..aa772b7f 100644
--- a/frida_mode/src/persistent/persistent_x64.c
+++ b/frida_mode/src/persistent/persistent_x64.c
@@ -40,7 +40,6 @@ struct x86_64_regs {
 typedef struct x86_64_regs arch_api_regs;
 
 static arch_api_regs saved_regs = {0};
-static void *        saved_return = NULL;
 
 gboolean persistent_is_supported(void) {
 
@@ -183,43 +182,11 @@ static void instrument_persitent_restore_regs(GumX86Writer *      cw,
 
 }
 
-static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) {
+static void instrument_exit(GumX86Writer *cw) {
 
-  GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
-                                        -(GUM_RED_ZONE_SIZE));
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RBX);
-
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP,
-                                            GUM_RED_ZONE_SIZE + 0x10);
-  gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, 0, GUM_REG_RBX);
-
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX);
-
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
-                                        (GUM_RED_ZONE_SIZE));
-
-}
-
-static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) {
-
-  GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr);
-  gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP,
-                                        -(GUM_RED_ZONE_SIZE));
-
-  /* Place holder for ret */
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
-  gum_x86_writer_put_push_reg(cw, GUM_REG_RAX);
-
-  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address);
-  gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RAX, GUM_REG_RAX, 0);
-
-  gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RSP, 0x8, GUM_REG_RAX);
-  gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX);
-  gum_x86_writer_put_ret_imm(cw, GUM_RED_ZONE_SIZE);
+  gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(_exit));
+  gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_RDI, 0);
+  gum_x86_writer_put_call_reg(cw, GUM_REG_RAX);
 
 }
 
@@ -302,8 +269,7 @@ void persistent_prologue(GumStalkerOutput *output) {
   /* Stack must be 16-byte aligned per ABI */
   instrument_persitent_save_regs(cw, &saved_regs);
 
-  /* Stash and pop the return value */
-  instrument_save_ret(cw, &saved_return);
+  /* pop the return value */
   gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8));
 
   /* loop: */
@@ -329,7 +295,7 @@ void persistent_prologue(GumStalkerOutput *output) {
   /* done: */
   gum_x86_writer_put_label(cw, done);
 
-  instrument_jump_ret(cw, &saved_return);
+  instrument_exit(cw);
 
   /* original: */
   gum_x86_writer_put_label(cw, original);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-21 19:33:30 +0000